SAP / cloud-sdk

The SAP Cloud SDK documentation and support repository.
https://sap.github.io/cloud-sdk/
Apache License 2.0

Vulnerabilities in Audit Logging service #899

Closed Anuj07Mehta closed 2 years ago

Anuj07Mehta commented 2 years ago

Hi,

We are from the SAP Discovery Center Team and our landscape is running on SAP BTP NEO. For audit logging, we are using the following dependency:

com.sap.cloud.s4hana.cloudplatform : auditlog-scp-neo of version 1.11.1

But if we look in the Maven repository, it shows the following vulnerabilities from this dependency:

CVE-2020-8908, CVE-2020-15250, CVE-2018-10237

Here is the link to know more about these vulnerabilities: https://mvnrepository.com/artifact/com.sap.cloud.s4hana.cloudplatform/auditlog-scp-neo/1.11.1

So could you please fix these vulnerabilities in this version or suggest what we should do to avoid these vulnerabilities?

Thanks a lot!

Best Regards,

Anuj

MatKuhr commented 2 years ago

Hi Anuj, not sure if you discovered this by yourself in the meantime, but you are using a very outdated version of that library. The most recent one can be found here and is currently 3.71.0.