CVE-2023-0833 5.5 Generation of Error Message Containing Sensitive Information vulnerability with Medium severity found

Open ben221199 opened this issue 1 year ago • 3 comments

When using the following Maven dependency (this package), I get a CVE warning in my IDE:

<dependency>
	<groupId>com.github.jasminb</groupId>
	<artifactId>jsonapi-converter</artifactId>
	<version>0.13</version>
</dependency>

The CVE warning is the following:

CVE-2023-0833 5.5 Generation of Error Message Containing Sensitive Information vulnerability with Medium severity found

This is likely because of the following package:

maven:com.squareup.okhttp3:okhttp:3.12.0

ben221199 avatar Jul 24 '24 10:07 ben221199

There is still no stable version that fixes the CVE. As the impact is not high, I will have to wait until we get a stable okhttp release to upgrade to.

jasminb avatar Jul 31 '24 13:07 jasminb

Thanks for letting me know. I will wait too then. :D

ben221199 avatar Jul 31 '24 19:07 ben221199

You can also try excluding the problematic artefact as well in the interim.

jasminb avatar Jul 31 '24 20:07 jasminb
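One way to apply the interim exclusion suggested above, as an added example that is not part of the original thread: drop the transitive okhttp 3.12.0 that jsonapi-converter 0.13 pulls in and declare okhttp directly so the library still has it on the classpath. PATCHED_OKHTTP_VERSION is a placeholder, not a version taken from the thread.

```xml
<!-- Added example (not from the thread): exclude the transitive okhttp 3.12.0
     brought in by jsonapi-converter and declare okhttp directly instead.
     PATCHED_OKHTTP_VERSION is a placeholder; use a release that the okhttp
     project documents as fixed for CVE-2023-0833. -->
<dependencies>
	<dependency>
		<groupId>com.github.jasminb</groupId>
		<artifactId>jsonapi-converter</artifactId>
		<version>0.13</version>
		<exclusions>
			<!-- Remove the flagged transitive artefact -->
			<exclusion>
				<groupId>com.squareup.okhttp3</groupId>
				<artifactId>okhttp</artifactId>
			</exclusion>
		</exclusions>
	</dependency>
	<!-- Direct declaration so jsonapi-converter still finds okhttp at runtime -->
	<dependency>
		<groupId>com.squareup.okhttp3</groupId>
		<artifactId>okhttp</artifactId>
		<version>PATCHED_OKHTTP_VERSION</version>
	</dependency>
</dependencies>
```

Verify the result with `mvn dependency:tree -Dincludes=com.squareup.okhttp3` so that only the declared version remains, and run the project's tests, since a newer okhttp is not guaranteed to be binary-compatible with the version the library was built against.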