Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
Amadora2020-03-13 12:44:16
Wiki engines
Amadora, 2020-03-13 12:44:16

Does PlantUML really have security holes?

I wanted to install a harmless PlantUML plugin for confluence in my company, but it was rejected on Sat with critical remarks:
1. Insecure own implementation of ssl (empty method)
2. No certificate host verification
3. Reflected cross-site scripting

I'm not very strong in security, questions:
1. How can I test the plugin for these vulnerabilities myself?
2. Are they redundant? It's embarrassing that the plugin is quite popular and there are so many critical vulnerabilities (and hundreds of non-critical ones)

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
V
Vadim Priluzkiy, 2020-03-13
@Oxyd

It seems to me that the security guards are carrying some kind of game. For the entire confluence has a little less than 40 CVEs for all the time and plantuml is not listed in any of them.

Similar questions
B
Boris the Animal2020-06-02 12:32:19
Is it possible in Confluence to highlight words in text so that there is a background? 1Reply
B
blabs2021-09-20 11:53:44
How to separate access rights to sections in Confuence for different user groups? 1Reply
@
@krikson2014-01-15 12:40:21
Wiki CMS + ability to integrate with social networks? 1Reply
K
Kroid2014-03-22 10:55:57
What is a personal wiki? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question