Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: alljames/java-goof
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: master
Choose a base ref
...
head repository: snyk-labs/java-goof
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: main
Choose a head ref
Checking mergeability… Don’t worry, you can still create the pull request.
  • 18 commits
  • 15 files changed
  • 6 contributors

Commits on Jan 6, 2022

  1. add secondary command to LDAP server. This creates an attack based de… 

    …serialization of the commons collection library. This RCE works on all Java versions
    @bmvermeer
    bmvermeer committed Jan 6, 2022
    Configuration menu
    Copy the full SHA
    4625d86 View commit details
    Browse the repository at this point in the history

  2. Changed logger to lo4j, log invalid login with username (log4shell in… 

    …put). Added commons-collection to do a deserialization RCE on newer java version based on log4shell.
    @bmvermeer
    bmvermeer committed Jan 6, 2022
    Configuration menu
    Copy the full SHA
    186ff5c View commit details
    Browse the repository at this point in the history

Commits on Jan 10, 2022

  1. updated the log4shell hacks with a howto

    @bmvermeer
    bmvermeer committed Jan 10, 2022
    Configuration menu
    Copy the full SHA
    be674dd View commit details
    Browse the repository at this point in the history

Commits on Jan 21, 2022

  1. Dockerfile changes to work with new mvn assembly configuration for lo… 

    …g4shell-server

Fixes snyk-labs#377
    Eric committed Jan 21, 2022
    Configuration menu
    Copy the full SHA
    fb904b6 View commit details
    Browse the repository at this point in the history

Commits on Jan 25, 2022

  1. Merge pull request snyk-labs#378 from ericsmalling/main 

    Dockerfile fix for new mvn assembly configuration for log4shell-server
    @ericsmalling
    ericsmalling authored Jan 25, 2022
    Configuration menu
    Copy the full SHA
    3849cf7 View commit details
    Browse the repository at this point in the history

  2. Initial workflows

    Eric committed Jan 25, 2022
    Configuration menu
    Copy the full SHA
    24f4144 View commit details
    Browse the repository at this point in the history

Commits on Jan 27, 2022

  1. Merge pull request snyk-labs#379 from ericsmalling/workflow 

    Initial docker-based github action workflows
    @ericsmalling
    ericsmalling authored Jan 27, 2022
    Configuration menu
    Copy the full SHA
    0d2b9a0 View commit details
    Browse the repository at this point in the history

Commits on Jan 31, 2022

  1. Add basic smoke test 

    There's probably a much better way to do this than just sleeping for app warmup but this should work for now.
    @ericsmalling
    ericsmalling authored and Eric committed Jan 31, 2022
    Configuration menu
    Copy the full SHA
    7cf8304 View commit details
    Browse the repository at this point in the history

  2. Split tests and add smoke for log4shell-goof-server

    Eric committed Jan 31, 2022
    Configuration menu
    Copy the full SHA
    50edd00 View commit details
    Browse the repository at this point in the history

  3. Merge pull request snyk-labs#382 from ericsmalling/main 

    Add basic smoke test
    @ericsmalling
    ericsmalling authored Jan 31, 2022
    Configuration menu
    Copy the full SHA
    c11f55a View commit details
    Browse the repository at this point in the history

  4. Adding k8s tests

    Eric committed Jan 31, 2022
    Configuration menu
    Copy the full SHA
    d144e01 View commit details
    Browse the repository at this point in the history

  5. Merge pull request snyk-labs#383 from ericsmalling/main 

    Adding basic k8s smoke tests
    @ericsmalling
    ericsmalling authored Jan 31, 2022
    Configuration menu
    Copy the full SHA
    a61efa0 View commit details
    Browse the repository at this point in the history

Commits on Feb 22, 2022

  1. minor mod to license: http to https

    @dogeared
    dogeared committed Feb 22, 2022
    Configuration menu
    Copy the full SHA
    dcc3743 View commit details
    Browse the repository at this point in the history

  2. Merge pull request snyk-labs#385 from snyk-labs/license_update 

    minor mod to license: http to https
    @dogeared
    dogeared authored Feb 22, 2022
    Configuration menu
    Copy the full SHA
    6d52cb9 View commit details
    Browse the repository at this point in the history

Commits on Jun 16, 2023

  1. fix: todolist-goof/Dockerfile to reduce vulnerabilities 

    The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN9-CURL-358683
- https://snyk.io/vuln/SNYK-DEBIAN9-CURL-358714
- https://snyk.io/vuln/SNYK-DEBIAN9-CURL-358772
- https://snyk.io/vuln/SNYK-DEBIAN9-CURL-358843
- https://snyk.io/vuln/SNYK-DEBIAN9-CURL-358855
    @snyk-bot
    snyk-bot committed Jun 16, 2023
    Configuration menu
    Copy the full SHA
    631282b View commit details
    Browse the repository at this point in the history

Commits on Jul 27, 2023

  1. Merge pull request snyk-labs#471 from snyk-labs/snyk-fix-527333116dc4… 

    …6fc135cbb65aba073390

[Snyk] Security upgrade tomcat from 8.5.21 to 8.5.89
    @vermava
    vermava authored Jul 27, 2023
    Configuration menu
    Copy the full SHA
    fa0ccb7 View commit details
    Browse the repository at this point in the history

Commits on Aug 1, 2023

  1. Revert "[Snyk] Security upgrade tomcat from 8.5.21 to 8.5.89"

    @vermava
    vermava authored Aug 1, 2023
    Configuration menu
    Copy the full SHA
    05fd139 View commit details
    Browse the repository at this point in the history

  2. Merge pull request snyk-labs#480 from snyk-labs/revert-471-snyk-fix-5… 

    …27333116dc46fc135cbb65aba073390

Revert "[Snyk] Security upgrade tomcat from 8.5.21 to 8.5.89"
    @vermava
    vermava authored Aug 1, 2023
    Configuration menu
    Copy the full SHA
    f5719ae View commit details
    Browse the repository at this point in the history
Loading