bcrypt

(only test scope): bcprov-jdk15on package version 1.60 is vulnerable to CVE-2020-15522

Open Abderrahman-byte opened this issue 3 years ago • 2 comments

bcprov-jdk15on package must be updated to version 1.70

Abderrahman-byte avatar Jan 23 '22 13:01 Abderrahman-byte

@patrickfav Hi there, is this lib still being maintained?

wvandermerwe avatar Sep 09 '22 05:09 wvandermerwe

Hi,

First, thanks for reporting the CVE!

However, this is a non-issue since bcprov-jdk15on is ONLY used in the TEST scope and is not a dependency during runtime. The test also just checks whether the output is compatible with the output of Bouncy Castle (a regression test, so to speak).


I will soon update all the dependencies, therefore also this dependency (need to migrate away from JCenter).

patrickfav avatar Sep 11 '22 11:09 patrickfav
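
The scope argument in the reply above (a flagged dependency declared only in test scope is not passed on to users of the library) can be checked mechanically when triaging a scanner finding. This is an added example, not code from the bcrypt project: it assumes a Maven build, the POM is constructed sample input, and `triage`, `FLAGGED` and `PROPAGATED_SCOPES` are hypothetical names.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
# Maven scopes that are passed on to projects depending on the built artifact.
# test, provided and system stay on the build or test classpath only.
PROPAGATED_SCOPES = {"compile", "runtime"}
# Coordinates an advisory scanner flagged, as (groupId, artifactId).
FLAGGED = {("org.bouncycastle", "bcprov-jdk15on")}

# Constructed sample POM, not the project's real build file.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency>
      <groupId>org.example</groupId>
      <artifactId>runtime-lib</artifactId>
      <version>1.0</version>
    </dependency>
    <dependency>
      <groupId>org.bouncycastle</groupId>
      <artifactId>bcprov-jdk15on</artifactId>
      <version>1.60</version>
      <scope>test</scope>
    </dependency>
  </dependencies>
</project>"""


def triage(pom_xml, flagged=FLAGGED):
    """Report scope and exposure for flagged, directly declared dependencies."""
    findings = []
    root = ET.fromstring(pom_xml)
    # Direct <dependencies> only: dependencyManagement, profiles and
    # transitive dependencies are not inspected by this check.
    for dep in root.findall("m:dependencies/m:dependency", NS):
        def field(tag, default=""):
            return (dep.findtext(f"m:{tag}", default, NS) or default).strip()
        group, artifact = field("groupId"), field("artifactId")
        if (group, artifact) not in flagged:
            continue
        scope = field("scope", "compile")  # Maven's default scope is compile
        findings.append({
            "coordinate": f"{group}:{artifact}:{field('version')}",
            "scope": scope,
            "reaches_consumers": scope in PROPAGATED_SCOPES,
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_POM):
        print(finding)
```

A finding with `reaches_consumers` set to `False` still affects the project's own build and test environment, so it is a lower-priority upgrade rather than something to ignore.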

This warning is now fixed with 0.10.0

patrickfav avatar Feb 11 '23 15:02 patrickfav