casbin / jcasbin

An authorization library that supports access control models like ACL, RBAC, ABAC in Java
https://casbin.org
Apache License 2.0
2.4k stars 464 forks

High risk vulnerability. #348

Closed donbing007 closed 1 year ago

donbing007 commented 1 year ago

Cx78f40514-81ff

jcasbin 1.33.1

Provides transitive vulnerable dependency maven:commons-collections:commons-collections:3.2.2 Cx78f40514-81ff 7.5 Uncontrolled Recursion vulnerability pending CVSS allocation

casbin-bot commented 1 year ago

@tangyang9464 @imp2002

hsluoyz commented 1 year ago

jCasbin doesn't use the commons-collections dependency in pom.xml, so this security hole has nothing much to do with jCasbin. Closed here.
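To triage a scanner finding like the one in this thread, the text printed by `mvn dependency:tree` can be parsed to see whether the flagged artifact is declared in the project's own pom.xml or arrives through another dependency. The Python below is an added example, not code from jCasbin or from any commenter; the tree is constructed, and every `com.example` artifact in it is a placeholder rather than a real jCasbin dependency.

```python
import re

# Constructed `mvn dependency:tree` output. Only the jcasbin 1.33.1 root and
# commons-collections 3.2.2 come from the issue; every com.example artifact
# is a placeholder, not one of jCasbin's real dependencies.
SAMPLE_TREE = r"""
[INFO] --- dependency:tree (constructed sample) ---
[INFO] org.casbin:jcasbin:jar:1.33.1
[INFO] +- com.example:direct-a:jar:1.0.0:compile
[INFO] |  +- com.example:middle-b:jar:2.1.0:compile
[INFO] |  |  \- commons-collections:commons-collections:jar:3.2.2:compile
[INFO] |  \- com.example:leaf-c:jar:0.9.0:compile
[INFO] \- com.example:direct-d:jar:3.0.0:test
[INFO]    \- commons-collections:commons-collections:jar:3.2.2:test
[INFO] BUILD SUCCESS
"""

# Indentation is a run of 3-character groups ("|  ", "   ", "+- ", "\- ")
# followed by group:artifact:type:version[:scope] coordinates.
NODE = re.compile(r"^\[INFO\] ((?:[|+\\ ][ -] )*)(\S+:\S+)$")

def paths_to(tree_text, group_artifact):
    """Return every root-to-node path that ends at group_artifact ('g:a')."""
    stack, hits = [], []
    for line in tree_text.splitlines():
        m = NODE.match(line.rstrip())
        if not m:
            continue                      # banner and summary lines
        depth = len(m.group(1)) // 3
        del stack[depth:]                 # leave the previous branch
        stack.append(m.group(2))
        if m.group(2).startswith(group_artifact + ":"):
            hits.append(list(stack))
    return hits

def triage(tree_text, group_artifact):
    """Report whether the artifact is declared in the project's own pom.xml
    (path length 2) or inherited, and through which direct dependency."""
    via, declared = {}, False
    for path in paths_to(tree_text, group_artifact):
        scope = path[-1].rsplit(":", 1)[-1]
        if len(path) == 2:
            declared = True
        elif len(path) > 2:
            direct = ":".join(path[1].split(":")[:2])
            via.setdefault(direct, set()).add(scope)
    return {"declared_directly": declared,
            "via": {k: sorted(v) for k, v in via.items()}}

if __name__ == "__main__":
    print(triage(SAMPLE_TREE, "commons-collections:commons-collections"))
```

The scope matters when reading the result: Maven does not pass `test`-scoped dependencies on to projects that consume the library, so only the `compile` path in the sample would reach a downstream application.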