istio-java-api icon indicating copy to clipboard operation
istio-java-api copied to clipboard

Published 20 hours ago verified publisher icon snowdrop

CVE After upgrading to 1.7.7.1

Open vijeyanidhi opened this issue 2 years ago • 0 comments

Hi all, We are running a OWSAP dependency checker and got the following CVE

CVE-2022-23635 -> CWE-287

Location Component Name Component Version Group
istio-model-1.7.7.1 me.snowdrop:istio-model 1.7.7.1 N

  1. Is https://mvnrepository.com/artifact/me.snowdrop/istio-client/1.7.7.1 EOL ? Is that why there are no new versions have been released since Feb 2021?

  2. When does me.snowdrop/istio-client is planning to release a new version that has the fix for CVE-2022-23635 ?

Please review my above query and a quick response is highly appreciated.

Thank you.

vijeyanidhi avatar Mar 09 '22 16:03 vijeyanidhi