NullPointerException when importing NVD CVE - 2008 in MySQL Database
See original GitHub issueSince a few days, we hit a NPE when importing the data into a MySQL database using 1.4.2 (another job using 1.3.6 is fine):
INFO - Processing Started for NVD CVE - 2008
2016-09-06 06:36:58,537 org.owasp.dependencycheck.data.update.NvdCveUpdater:231
DEBUG - Execution Exception during process
java.util.concurrent.ExecutionException: java.lang.NullPointerException
at java.util.concurrent.FutureTask.report(FutureTask.java:122)
at java.util.concurrent.FutureTask.get(FutureTask.java:192)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.performUpdate(NvdCveUpdater.java:221)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.update(NvdCveUpdater.java:82)
at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:492)
at org.owasp.dependencycheck.App.runUpdateOnly(App.java:318)
at org.owasp.dependencycheck.App.run(App.java:144)
at org.owasp.dependencycheck.App.main(App.java:68)
Caused by: java.lang.NullPointerException: null
at org.owasp.dependencycheck.dependency.Reference.compareTo(Reference.java:144)
at org.owasp.dependencycheck.dependency.Reference.compareTo(Reference.java:28)
at java.util.TreeMap.compare(TreeMap.java:1294)
at java.util.TreeMap.put(TreeMap.java:538)
at java.util.TreeSet.add(TreeSet.java:255)
at org.owasp.dependencycheck.dependency.Vulnerability.addReference(Vulnerability.java:110)
at org.owasp.dependencycheck.data.update.nvd.NvdCve20Handler.endElement(NvdCve20Handler.java:205)
at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.endElement(AbstractSAXParser.java:609)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanEndElement(XMLDocumentFragmentScannerImpl.java:1782)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2967)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:602)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:505)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:841)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:770)
at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141)
at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1213)
at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:643)
at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl.parse(SAXParserImpl.java:327)
at javax.xml.parsers.SAXParser.parse(SAXParser.java:328)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.importXML(ProcessTask.java:150)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.processFiles(ProcessTask.java:162)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call(ProcessTask.java:116)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call(ProcessTask.java:45)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Issue Analytics
- State:
- Created 7 years ago
- Reactions:1
- Comments:5 (3 by maintainers)
Top Results From Across the Web
CVE-2008-4456 Detail - NVD
Current Description. Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions ...
Read more >Java. This vulnerability - CVE - Search Results
Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default ...
Read more >Security Bulletin 02 Nov 2022
CVE Number Base Score Reference
CVE‑2021‑32679 8.8 https://nvd.nist.gov/vuln/detail/CVE‑2021‑32679
CVE‑2021‑32688 8.8 https://nvd.nist.gov/vuln/detail/CVE‑2021‑32688
CVE‑2021‑32765 8.8 https://nvd.nist.gov/vuln/detail/CVE‑2021‑32765
Read more >cannot invoke org.springframework.web.servlet.mvc.condition ...
Bean; import org.springframework.context.annotation. ... CVE - 2009 [INFO] Processing Started for NVD CVE - 2007 [INFO] Download Complete for NVD CVE - 2008...
Read more >Security Details - F5 Cloud Docs
200002309, SQL-INJ "MySQL comment" (Headers), SQL-Injection, 1, General Database, http://www.owasp.org/index.php/SQL_Injection, ...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
@sterfpaul Yes, this error (and one other) will occur on all 1.4.2 and earlier (however, in versions earlier then 1.4.2 it is silent failure). We will be releasing the new version hopefully today.
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.