amazon-sqs-java-messaging-lib icon indicating copy to clipboard operation
amazon-sqs-java-messaging-lib copied to clipboard
verified publisher icon awslabs

Vulnerability issue in amazon-sqs-java-messaging-lib:jar:2.0.2:compile

Open zZToasterZz opened this issue 2 years ago • 0 comments

After running the OWASP dependency checker against the library, Following are the vulnerabilities that are reported:

netty-buffer-4.1.77.Final.jar: CVE-2022-41915, CVE-2022-41881 netty-codec-http-4.1.77.Final.jar: CVE-2022-41915, CVE-2022-41881 netty-codec-http2-4.1.77.Final.jar: CVE-2022-41915, CVE-2022-41881 netty-common-4.1.77.Final.jar: CVE-2022-41915, CVE-2022-41881 netty-handler-4.1.77.Final.jar: CVE-2022-41915, CVE-2022-41881 netty-transport-4.1.77.Final.jar: CVE-2022-41915, CVE-2022-41881 netty-transport-classes-epoll-4.1.77.Final.jar: CVE-2022-41915, CVE-2022-41881 netty-transport-native-unix-common-4.1.77.Final.jar: CVE-2022-41915, CVE-2022-41881

These jars are present in the listed package. image

These CVEs are reported for version 4.1.77.Final already resolved in the version 4.1.86.Final for netty.

zZToasterZz avatar Jan 03 '23 11:01 zZToasterZz