Patch vulnerable dependencies #1781

Open
victorherraiz opened this issue Mar 25, 2024 · 1 comment

@victorherraiz

There are several vulnerable dependencies:

https://mvnrepository.com/artifact/au.com.dius.pact.consumer/junit5/4.6.7

@Harmelodic

au.com.dius.pact.consumer:junit5:4.6.11 now has different vulnerabilities from dependencies according to Maven Central:

https://mvnrepository.com/artifact/au.com.dius.pact.consumer/junit5/4.6.11

IntelliJ IDEA communicates even more:

  • Provides transitive vulnerable dependency maven:com.google.guava:guava:31.1-jre
    CVE-2023-2976 7.1 Files or Directories Accessible to External Parties vulnerability with High severity found
    Results powered by Checkmarx(c)

  • Provides transitive vulnerable dependency maven:commons-collections:commons-collections:3.2.2
    Cx78f40514-81ff 7.5 Uncontrolled Recursion vulnerability with High severity found
    Results powered by Checkmarx(c)

  • Provides transitive vulnerable dependency maven:org.apache.commons:commons-compress:1.21
    CVE-2024-26308 7.5 Allocation of Resources Without Limits or Throttling vulnerability with High severity found
    CVE-2024-25710 5.5 Loop with Unreachable Exit Condition ("Infinite Loop") vulnerability with Medium severity found
    Results powered by Checkmarx(c)
