
CVEs caused by dependency check gradle plugin itself?

Open ghost opened this issue 2 years ago • 0 comments

I am using the gradle plugin in version 8.2.1. The task dependencyCheckAnalyze gives me three CVEs, which all seem to be transitive dependencies of the plugin itself:

  • guava-31.1-jre.jar (CVE-2020-8908)
  • h2-2.1.214.jar (CVE-2022-45868)
  • snakeyaml-1.33.jar (CVE-2022-1471)

ghost, Apr 05 '23 17:04
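If the three jars really do reach the report only through the plugin's own classpath and never ship with the application, the triage decision can be recorded in a dependency-check suppression file scoped to the exact package and CVE rather than suppressed globally; this is an added example, not code from the issue or the project, and the notes, file path and review dates are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Assumed location: config/dependency-check/suppressions.xml
     Wired into the build with:
       dependencyCheck { suppressionFile = 'config/dependency-check/suppressions.xml' }
     Each entry matches one package URL AND one CVE, so an unrelated finding on the
     same artifact, or the same CVE on a different artifact, is still reported.
     "until" forces a re-review: the suppression expires on that date. -->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">

  <suppress until="2023-12-31Z">
    <notes><![CDATA[
      guava 31.1-jre, CVE-2020-8908: triaged 2023-04-05 (assumed date).
      Artifact is pulled in by the dependency-check Gradle plugin only; it is not
      on the application's runtimeClasspath. Re-check when the plugin is upgraded.
    ]]></notes>
    <packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl>
    <cve>CVE-2020-8908</cve>
  </suppress>

  <suppress until="2023-12-31Z">
    <notes><![CDATA[
      h2 2.1.214, CVE-2022-45868: triaged 2023-04-05 (assumed date).
      H2 is used by the plugin as its local CVE database, not by the application.
    ]]></notes>
    <packageUrl regex="true">^pkg:maven/com\.h2database/h2@.*$</packageUrl>
    <cve>CVE-2022-45868</cve>
  </suppress>

  <suppress until="2023-12-31Z">
    <notes><![CDATA[
      snakeyaml 1.33, CVE-2022-1471: triaged 2023-04-05 (assumed date).
      Plugin-only transitive dependency; the application does not parse YAML
      with snakeyaml. Verify this assumption before renewing the suppression.
    ]]></notes>
    <packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
    <cve>CVE-2022-1471</cve>
  </suppress>

</suppressions>
```

Before suppressing anything, confirm the origin of each jar with `gradle dependencies --configuration runtimeClasspath`: if an artifact appears there, it ships with the application and the finding must be fixed, not suppressed.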