Closed liming1010 closed 3 weeks ago
To address the CVE-2022-42889 vulnerability in the HugeGraph Java client version 1.3, you need to update the Apache Commons Text library to version 1.10.0 or later. This vulnerability is related to the Apache Commons Text library, which is used for string interpolation and can be exploited if not properly updated.
Here is how you can update the dependency in your pom.xml file if you are using Maven:
```xml
<dependency>
    <groupId>org.apache.commons</groupId>
    <artifactId>commons-text</artifactId>
    <version>1.10.0</version>
</dependency>
```
If you are using Gradle, you can update the dependency in your build.gradle file:
```groovy
implementation 'org.apache.commons:commons-text:1.10.0'
```
Make sure to rebuild your project after updating the dependency to ensure that the new version is being used [1].
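The scanner output in the report below flags commons-text as a transitive dependency, so declaring it directly is not the only option: a `dependencyManagement` entry in the consuming project forces every path to commons-text to resolve to the patched release. This is an added example, not code from the issue or from the HugeGraph project; the `org.apache.hugegraph:hugegraph-client:1.3.0` coordinates and the `com.example:myapp` project are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example (not from the issue or the HugeGraph project).
     Assumes hugegraph-client 1.3.0 is the dependency that pulls in the
     vulnerable commons-text version transitively. -->
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId>        <!-- placeholder project -->
  <artifactId>myapp</artifactId>
  <version>0.1.0-SNAPSHOT</version>

  <dependencyManagement>
    <dependencies>
      <!-- A managed version overrides whatever version a transitive
           dependency declares, so every path to commons-text resolves to
           1.10.0, the release in which the script, dns and url lookups
           are no longer enabled by default (the CVE-2022-42889 fix). -->
      <dependency>
        <groupId>org.apache.commons</groupId>
        <artifactId>commons-text</artifactId>
        <version>1.10.0</version>
      </dependency>
    </dependencies>
  </dependencyManagement>

  <dependencies>
    <!-- Assumed coordinates for the HugeGraph Java client 1.3 -->
    <dependency>
      <groupId>org.apache.hugegraph</groupId>
      <artifactId>hugegraph-client</artifactId>
      <version>1.3.0</version>
    </dependency>
  </dependencies>
</project>
```

After rebuilding, `mvn dependency:tree -Dincludes=org.apache.commons:commons-text` should list only 1.10.0; any older version still appearing means another path is not covered by the managed version.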
ok, thanks
Problem Type
others (please edit later)
Before submit
Environment
Your Question
With version 1.3 of the Java client, the following appears: Vulnerability found in dependency: CVE-2022-42889 9.8 Transitive Improper Control of Generation of Code ("Code Injection") vulnerability with High severity found. I looked it up, and this is a real hole!

![QQ截图20240607160825](https://github.com/apache/incubator-hugegraph/assets/16507967/67333970-54a1-42ab-92b6-03e53ab7eea6)
Vertex/Edge example
No response
Schema [VertexLabel, EdgeLabel, IndexLabel]
No response