-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathprojectVulnerabilities.txt
More file actions
26 lines (17 loc) · 1.29 KB
/
projectVulnerabilities.txt
File metadata and controls
26 lines (17 loc) · 1.29 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
logging best practices:
https://www.chaossearch.io/blog/log-management-best-practices
1. Frontend
https://docs.npmjs.com/auditing-package-dependencies-for-security-vulnerabilities
As it is stated in npm documentation, command npm audit checks vulnerabilities. It did not found any vulnerabilities in dependencies.
2. Database
This application is using postgreSQL database. It's version is 14.0. On the official postgresql website we can find list of known vulnerabilities. There are 3 vulnerabilities that may affect current version of database. All vulnerabilites are fixed in later releases so upgrading database to newest version is easiest solution to solve this potential risks.
All vulnerabilities:
https://www.postgresql.org/support/security/
Vulnerabilities that may affect application:
https://www.postgresql.org/support/security/CVE-2022-1552/
https://www.postgresql.org/support/security/CVE-2021-23222
https://www.postgresql.org/support/security/CVE-2021-23214/
3. Spring boot
Owasp dependency check is tool developed to check if any dependency in our project has vulnerabilities. Database for known vulnerabilities is available on nist.gov (national vulnerability database) website. Using command bellow I generated the vulnerabilities report.
mvn org.owasp:dependency-check-maven:check
4. Windows