Amadora, 2020-03-13 12:44:16

Does PlantUML really have security holes?

I wanted to install a harmless PlantUML plugin for Confluence in my company, but it was rejected on Sat with critical remarks:
1. Insecure own implementation of SSL (empty method)
2. No certificate host verification
3. Reflected cross-site scripting

I'm not very strong in security, so my questions are:
1. How can I test the plugin for these vulnerabilities myself?
2. Are they redundant? It's embarrassing that the plugin is quite popular and there are so many critical vulnerabilities (and hundreds of non-critical ones).
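
One way to start on the first question for the two TLS findings, as an added example that is not part of the original post and not the plugin's code: a heuristic Python check over Java source for empty `checkServerTrusted`/`checkClientTrusted` bodies and a `HostnameVerifier` that always returns true. The Java snippets and file names are constructed samples; the reflected XSS finding is not covered.

```python
import re

# Constructed Java snippets (NOT taken from the PlantUML plugin): two show the
# TLS patterns named in the review, the third delegates to a real trust manager.
SAMPLE_SOURCES = {
    "TrustAll.java": """
        class TrustAll implements X509TrustManager {
            public void checkClientTrusted(X509Certificate[] c, String a) { }
            public void checkServerTrusted(X509Certificate[] c, String a) {
                // accept everything
            }
            public X509Certificate[] getAcceptedIssuers() { return null; }
        }""",
    "AnyHost.java": """
        HostnameVerifier v = new HostnameVerifier() {
            public boolean verify(String host, SSLSession s) { return true; }
        };""",
    "Delegating.java": """
        class Delegating implements X509TrustManager {
            public void checkServerTrusted(X509Certificate[] c, String a)
                    throws CertificateException {
                delegate.checkServerTrusted(c, a);
            }
        }""",
}

COMMENTS = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)
# X509TrustManager check method whose body is empty once comments are stripped.
EMPTY_CHECK = re.compile(
    r"\bcheck(?:Server|Client)Trusted\s*\([^)]*\)[^{;]*\{\s*\}")
# HostnameVerifier.verify(String, SSLSession) that unconditionally returns true.
VERIFY_TRUE = re.compile(
    r"\bboolean\s+verify\s*\(\s*String\s+\w+\s*,\s*SSLSession\s+\w+\s*\)"
    r"[^{;]*\{\s*return\s+true\s*;\s*\}")

def scan(source):
    """Return the sorted list of finding labels for one Java source string."""
    code = COMMENTS.sub("", source)  # heuristic: ignores comment markers in strings
    hits = set()
    if EMPTY_CHECK.search(code):
        hits.add("empty-trust-check")
    if VERIFY_TRUE.search(code):
        hits.add("hostname-verifier-always-true")
    return sorted(hits)

def scan_all(sources):
    """Map file name -> findings, keeping only files with at least one hit."""
    results = {name: scan(src) for name, src in sources.items()}
    return {name: hits for name, hits in results.items() if hits}

if __name__ == "__main__":
    print(scan_all(SAMPLE_SOURCES))
```

A hit is a lead for manual review of how the class is used, not proof of an exploitable flaw; the same `scan` function can be pointed at the plugin's own source or decompiled classes.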


1 answer(s)
Vadim Priluzkiy, 2020-03-13
@Oxyd

It seems to me that the security guards are carrying some kind of game. The entire Confluence has a little less than 40 CVEs over all time, and PlantUML is not listed in any of them.
