Add CVE-2024-2928 Detector Plugin #535

Open
wants to merge 2 commits into
base: master

frkngksl
Contributor

Hi @tooryx,

This is the plugin PR that resolves #503

Vulnerable and Fixed Environments are here: google/security-testbeds#83

Collaborator

@leonardo-doyensec leonardo-doyensec left a comment

Hi @frkngksl. Thank you for your contribution. I confirm that the plugin is working correctly.
You can find some minor issues to address down below.

Feel free to reach out.
~ Leonardo (Doyensec)

@frkngksl
Contributor Author

Hi @leonardo-doyensec, thanks for the review. I updated the code with your recommendations. Could you check again?

@leonardo-doyensec
Collaborator

LGTM - Approved
@maoning we can merge this. Moreover, we can also merge google/security-testbeds#83.

Reviewer: Leonardo, Doyensec
Plugin: CVE-2024-2928 Detector
Feedback: The overall quality is superlative. The security testbed is easy to deploy, well explained and works perfectly. The plugin contains everything that is necessary for a fast detection of the vulnerability. Bonus point for the responsiveness of the author.
Drawback: None.

@frkngksl
Contributor Author

Hi @tooryx, is there any new update on this PR? It was more than 1 month ago.

@tooryx
Member

tooryx commented Oct 28, 2024

Hi @frkngksl,

I am processing the PRs in chronological order (oldest first). I will get there, please bear with us.

~tooryx

Successfully merging this pull request may close these issues.

AI PRP: Arbitrary File Read in mlflow CVE-2024-2928