
Patch vulnerable dependencies

Open victorherraiz opened this issue 11 months ago • 1 comment

There are several vulnerable dependencies:

https://mvnrepository.com/artifact/au.com.dius.pact.consumer/junit5/4.6.7

victorherraiz avatar Mar 25 '24 10:03 victorherraiz

au.com.dius.pact.consumer:junit5:4.6.11 now has different vulnerabilities from dependencies according to Maven Central:

https://mvnrepository.com/artifact/au.com.dius.pact.consumer/junit5/4.6.11

IntelliJ IDEA communicates even more:

  • Provides transitive vulnerable dependency maven:com.google.guava:guava:31.1-jre CVE-2023-2976 7.1 Files or Directories Accessible to External Parties vulnerability with High severity found. Results powered by Checkmarx(c)

  • Provides transitive vulnerable dependency maven:commons-collections:commons-collections:3.2.2 Cx78f40514-81ff 7.5 Uncontrolled Recursion vulnerability with High severity found. Results powered by Checkmarx(c)

  • Provides transitive vulnerable dependency maven:org.apache.commons:commons-compress:1.21 CVE-2024-26308 7.5 Allocation of Resources Without Limits or Throttling vulnerability with High severity found; CVE-2024-25710 5.5 Loop with Unreachable Exit Condition ("Infinite Loop") vulnerability with Medium severity found. Results powered by Checkmarx(c)

Harmelodic avatar Aug 01 '24 17:08 Harmelodic
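One way a consumer of the artifact can move the flagged transitive versions forward while waiting for an upstream release, as an added example that is not from the pact-jvm project: a Maven POM whose `dependencyManagement` section pins the transitive versions (Maven applies managed versions to transitive dependencies as well). The fix releases named in the comments (Guava 32.0.0 for CVE-2023-2976, commons-compress 1.26.0 for CVE-2024-25710 and CVE-2024-26308) come from the upstream advisories, not from this thread, and the project coordinates are placeholders.

```xml
<!-- Constructed example: pins the transitive dependencies the IDE flagged for
     au.com.dius.pact.consumer:junit5:4.6.11 to releases that contain the fixes. -->
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId>            <!-- placeholder coordinates -->
  <artifactId>contract-tests</artifactId>
  <version>0.1.0-SNAPSHOT</version>

  <dependencyManagement>
    <dependencies>
      <!-- CVE-2023-2976 (Files or Directories Accessible to External Parties)
           is fixed from Guava 32.0.0; 32.1.3-jre is a later release with the fix. -->
      <dependency>
        <groupId>com.google.guava</groupId>
        <artifactId>guava</artifactId>
        <version>32.1.3-jre</version>
      </dependency>
      <!-- CVE-2024-25710 and CVE-2024-26308 are fixed in commons-compress 1.26.0. -->
      <dependency>
        <groupId>org.apache.commons</groupId>
        <artifactId>commons-compress</artifactId>
        <version>1.26.0</version>
      </dependency>
    </dependencies>
  </dependencyManagement>

  <dependencies>
    <!-- The artifact from the issue; its own declared versions are what
         dependencyManagement above overrides. -->
    <dependency>
      <groupId>au.com.dius.pact.consumer</groupId>
      <artifactId>junit5</artifactId>
      <version>4.6.11</version>
      <scope>test</scope>
    </dependency>
  </dependencies>

  <!-- Verify the override took effect and nothing else still pulls the old versions:
       mvn dependency:tree -Dincludes=com.google.guava,org.apache.commons:commons-compress -->
</project>
```

The commons-collections finding cannot be handled this way: 3.2.2 is the last release of the 3.x line, and the 4.x line is a different artifact (`org.apache.commons:commons-collections4`) rather than a drop-in replacement, so that one needs an upstream change. Forcing versions ahead of what the library was built against can break it, so run the contract tests after pinning.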