jes Hello! We found a vulnerable dependency in your project. Are you aware of it?

Hello! We found a vulnerable dependency in your project. Are you aware of it?

Open HelloMavenEco opened this issue 1 year ago • 0 comments

Hi! We spot a vulnerable dependency in your project, which might threaten your software. And we found that the vulnerable function of this CVE can be easily accessed from your software.

CVE_ID: CVE-2021-39154
Vulnerable dependency: com.thoughtworks.xstream:xstream
Your invocation path to the vulnerable method:

store.jesframework.serializer.XStreamSerializer:<init>(store.jesframework.serializer.TypeRegistry)
⬇️
com.thoughtworks.xstream.XStream:<init>(com.thoughtworks.xstream.io.HierarchicalStreamDriver)
⬇️
com.thoughtworks.xstream.XStream:<init>(com.thoughtworks.xstream.converters.reflection.ReflectionProvider,com.thoughtworks.xstream.mapper.Mapper,com.thoughtworks.xstream.io.HierarchicalStreamDriver)
⬇️
.....
⬇️
com.thoughtworks.xstream.XStream:setupSecurity()

Therefore, maybe you need to upgrade this dependency. Hope this can help you! 😄

Aug 23 '22 03:08 HelloMavenEco

jes jes copied to clipboard

Hello! We found a vulnerable dependency in your project. Are you aware of it?

jes
jes copied to clipboard