openvsx [Vulnerability] spring-webmvc 5.3.1 in docker image openvsx-server (CVE-2022-22965)

[Vulnerability] spring-webmvc 5.3.1 in docker image openvsx-server (CVE-2022-22965)

Open amtadev opened this issue 2 years ago • 1 comments

I downloaded and scanned openvsx-server docker image version 72706d1, and found that it has/uses/references spring-webmvc 5.3.1 (CVE-2022-22965)

could you confirm if this is actually used within the image? And if yes, are there any plans to update it to >= 5.3.18?

Jun 08 '22 13:06 amtadev

Jun 10 '22 11:06 amtadev