Justin Böhm

Results 1 issues of Justin Böhm

spring-cloud-starter-contract-stub-runner defines outdated sonatype sisu-inject-plexus version with vulnerability

3 comment

Hi, it seems that the `spring-cloud-starter-contract-stub-runner` has a transitive dependency on `plexus-utils:3.0.18`. This version of plexus-utils seems to be vulnerable: https://avd.aquasec.com/nvd/2022/cve-2022-4244/ From what I can tell, this dependency comes from...

dependencies