Here is a small example I found very fast out of curiosity. JCommander is susceptible to MITM.
https://github.com/cbeust/jcommander/issues/465

This is still open afaik. I'll be digging more for things like zipslip etc and transient vulns.

I still would appreciate any advice. Auditing Fluo will probably mean working inspecting other projects more than Fluo itself.

On Fri, Dec 13, 2019, 11:27 AM Kenneth McFarland <kennethmcfarl...@apache.org> wrote:

> Hi guys,
>
> I have found I'm pretty interested in security.
>
> I'd like to get some experience with Fluo and its dependencies auditing
> them. I'm doing my own research but it's always best to leverage others'
> experience.
>
> If you have any good references, advice or tips for me please let me know.
> I'll also be looking through the commit logs and checking Accumulo.
>
> I wasn't sure where else to ask this since it's not really an issue until
> something is found. Thanks!
>
> Kenny