Hi cdk-depict dev team,
a trivy scan found two critical security issues on cdk-depict.. Do you know if the vulnerabilities are accessible via user input? (SMILS, SMARTS,..)
org.springframework:spring-core
CVE-2018-1270
CRITICAL
4.2.6.RELEASE
4.3.16, 5.0.5
spring-framework: Possible RCE via spring messaging -->avd.aquasec.com/nvd/cve-2018-1270
CVE-2018-1275
5.0.5, 4.3.16
spring-framework: Address partial fix for CVE-2018-1270 -->avd.aquasec.com/nvd/cve-2018-1275
org.springframework:spring-core
CVE-2018-1270
CRITICAL
4.2.6.RELEASE
4.3.16, 5.0.5
spring-framework: Possible RCE via spring messaging -->avd.aquasec.com/nvd/cve-2018-1270
CVE-2018-1275
5.0.5, 4.3.16
spring-framework: Address partial fix for CVE-2018-1270 -->avd.aquasec.com/nvd/cve-2018-1275
a trivy scan found two critical security issues on cdk-depict.. Do you know if the vulnerabilities are accessible via user input? (SMILS, SMARTS,..)