Fix vulnerabilities in azure-spring-cloud-appconfiguration-config AppConfiguration Provider

Open DhavalShewale opened this issue 3 years ago • 0 comments

Library

<dependency>
  <groupId>com.azure.spring</groupId>
  <artifactId>azure-spring-cloud-appconfiguration-config</artifactId>
  <version>2.7.0</version>
</dependency>

Vulnerabilities

*------------------------------------------------------------------------------------------------------------------------------------------------------------------------------*
|  SEVERITY  |  LIBRARY                            |  ID              |  TOP FIX                                                                                               |
| ---------- | ----------------------------------- | ---------------- | ------------------------------------------------------------------------------------------------------ |
| MEDIUM     | netty-common-4.1.76.Final.jar       | CVE-2022-24823   | Upgrade to version io.netty:netty-all;io.netty:netty-common - 4.1.77.Final                             |
| ---------- | ----------------------------------- | ---------------- | ------------------------------------------------------------------------------------------------------ |
| MEDIUM     | spring-security-crypto-5.6.3.jar    | CVE-2022-22976   | Upgrade to version org.springframework.security:spring-security-crypto:5.5.7,5.6.4                     |
*------------------------------------------------------------------------------------------------------------------------------------------------------------------------------*

Vulnerable Paths

azure-spring-cloud-appconfiguration-config-2.7.0.jar
    |-- spring-cloud-context-3.1.2.jar
        |-- spring-security-crypto-5.6.3.jar [1 MEDIUM]
    |-- azure-core-http-netty-1.12.0.jar
        |-- netty-handler-4.1.76.Final.jar
            |-- netty-common-4.1.76.Final.jar [1 MEDIUM]

Jun 07 '22 10:06 DhavalShewale