GithubHelp home page GithubHelp logo

eternalcodeteam / lobbyheads Goto Github PK

View Code? Open in Web Editor NEW
7.0 7.0 0.0 6.47 MB

✨ Decorative heads for your server Hub!

Home Page: https://www.eternalcode.pl

License: GNU General Public License v3.0

Java 100.00%
decorative hacktoberfest kyori minecraft minecraft-plugin paper spigot

lobbyheads's People

Contributors

imgbot[bot] avatar mend-bolt-for-github[bot] avatar renovate[bot] avatar vluckyyy avatar

Stargazers

avatar avatar avatar avatar avatar avatar

Watchers

avatar

lobbyheads's Issues

groovy-all-3.0.19.pom: 1 vulnerabilities (highest severity is: 7.8) - autoclosed

Vulnerable Library - groovy-all-3.0.19.pom

Path to dependency file: /lobbyheads-core/build.gradle.kts

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.testng/testng/7.5/1416a607fae667c14e390b484e8d02b5824c0674/testng-7.5.jar

Found in HEAD commit: 7c809472b2402d7790f1f93c239e9487ec97477b

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (groovy-all version) Remediation Possible**
CVE-2022-4065 High 7.8 testng-7.5.jar Transitive N/A*

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2022-4065

Vulnerable Library - testng-7.5.jar

Testing framework for Java

Library home page: https://testng.org

Path to dependency file: /lobbyheads-core/build.gradle.kts

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.testng/testng/7.5/1416a607fae667c14e390b484e8d02b5824c0674/testng-7.5.jar

Dependency Hierarchy:

  • groovy-all-3.0.19.pom (Root Library)
    • groovy-testng-3.0.19.jar
      • testng-7.5.jar (Vulnerable Library)

Found in HEAD commit: 7c809472b2402d7790f1f93c239e9487ec97477b

Found in base branch: master

Vulnerability Details

A vulnerability was found in cbeust testng 7.5.0/7.6.0/7.6.1/7.7.0. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The manipulation leads to path traversal. The attack can be launched remotely. Upgrading to version 7.5.1 and 7.7.1 is able to address this issue. The patch is named 9150736cd2c123a6a3b60e6193630859f9f0422b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-214027.

Publish Date: 2022-11-19

URL: CVE-2022-4065

CVSS 3 Score Details (7.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2022-11-19

Fix Resolution: org.testng:testng:7.7.0

Step up your Open Source Security Game with Mend here

Add leaderboard.

Leaderboard with the number of players who have swapped heads the most times.

groovy-all-3.0.21.pom: 1 vulnerabilities (highest severity is: 7.8)

Vulnerable Library - groovy-all-3.0.21.pom

Path to dependency file: /lobbyheads-core/build.gradle.kts

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.testng/testng/7.5/1416a607fae667c14e390b484e8d02b5824c0674/testng-7.5.jar

Found in HEAD commit: a16033fa669ef4a29f157f46fef0a713f3e536b6

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (groovy-all version) Remediation Possible**
CVE-2022-4065 High 7.8 testng-7.5.jar Transitive N/A*

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2022-4065

Vulnerable Library - testng-7.5.jar

Testing framework for Java

Library home page: https://testng.org

Path to dependency file: /lobbyheads-core/build.gradle.kts

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.testng/testng/7.5/1416a607fae667c14e390b484e8d02b5824c0674/testng-7.5.jar

Dependency Hierarchy:

  • groovy-all-3.0.21.pom (Root Library)
    • groovy-testng-3.0.21.jar
      • testng-7.5.jar (Vulnerable Library)

Found in HEAD commit: a16033fa669ef4a29f157f46fef0a713f3e536b6

Found in base branch: master

Vulnerability Details

A vulnerability was found in cbeust testng 7.5.0/7.6.0/7.6.1/7.7.0. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The manipulation leads to path traversal. The attack can be launched remotely. Upgrading to version 7.5.1 and 7.7.1 is able to address this issue. The patch is named 9150736cd2c123a6a3b60e6193630859f9f0422b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-214027.

Publish Date: 2022-11-19

URL: CVE-2022-4065

CVSS 3 Score Details (7.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2022-11-19

Fix Resolution: org.testng:testng:7.7.0

Step up your Open Source Security Game with Mend here

No /heads add in available commands

When I add this plugin to the server and enter /head add, it writes to me that there is no such command

  • Minecraft Version: 1.19.4
  • LobbyHeads Version: 1.0.1
  • Server Platform: Paper
  • Server Version: 1.19.4
  • Java Version: 17

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Rate-Limited

These updates are currently rate-limited. Click on a checkbox below to force their creation now.

  • Update dependency checkstyle to v10.16.0

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

Detected dependencies

github-actions
.github/workflows/gradle.yml
  • actions/checkout v4.1.1
  • actions/setup-java v4.2.1
  • actions/cache v3.3.3
  • actions/upload-artifact v4.3.2
gradle
settings.gradle.kts
buildSrc/build.gradle.kts
buildSrc/src/main/kotlin/lobbyheads-checkstyle.gradle.kts
  • checkstyle 10.15.0
buildSrc/src/main/kotlin/lobbyheads-java-17.gradle.kts
buildSrc/src/main/kotlin/lobbyheads-java-unit-test.gradle.kts
  • org.codehaus.groovy:groovy-all 3.0.21
  • org.junit:junit-bom 5.9.1
  • org.mockito:mockito-core 5.6.0
buildSrc/src/main/kotlin/lobbyheads-publish.gradle.kts
buildSrc/src/main/kotlin/lobbyheads-repositories.gradle.kts
lobbyheads-api/build.gradle.kts
  • org.spigotmc:spigot-api 1.20.2-R0.1-SNAPSHOT
  • org.jetbrains:annotations 24.1.0
lobbyheads-core/build.gradle.kts
  • net.minecrell.plugin-yml.bukkit 0.6.0
  • com.github.johnrengelman.shadow 8.1.1
  • xyz.jpenilla.run-paper 2.2.3
  • eu.okaeri:okaeri-configs-yaml-snakeyaml 5.0.1
  • eu.okaeri:okaeri-configs-serdes-commons 5.0.1
  • net.kyori:adventure-platform-bukkit 4.3.2
  • net.kyori:adventure-text-minimessage 4.14.0
  • dev.rollczi:liteskullapi 1.3.0
  • org.spigotmc:spigot-api 1.20.2-R0.1-SNAPSHOT
  • org.spigotmc:spigot-api 1.20.2-R0.1-SNAPSHOT
  • com.mojang:authlib 5.0.47
  • com.github.unldenis:holoeasy 3.0.1
  • me.clip:placeholderapi 2.11.5
  • org.bstats:bstats-bukkit 3.0.2
  • com.eternalcode:gitcheck 1.0.0
  • org.codehaus.groovy:groovy-all 3.0.21
  • org.junit:junit-bom 5.9.1
  • org.mockito:mockito-core 5.6.0
gradle-wrapper
gradle/wrapper/gradle-wrapper.properties
  • gradle 8.4
  • Check this box to trigger a request for Renovate to run again on this repository

Create PlaceholderAPI Hook.

Create placeholderapi hook instead of static PlaceholderAPI#setPlaceholders method to set placeholder from papi in hologram.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.