elgalu / docker-selenium

[NOT MAINTAINED] Please use <https://github.com/SeleniumHQ/docker-selenium>

Vulnerabilities found in twistlock scans. #395

Open Montti37 opened 3 years ago

Montti37 commented 3 years ago

The following dependencies were found as critically vulnerable when scanned by twistlock. Would it be possible to update these dependencies to bring it back into compliance?

- io.netty_netty-all fixed in 4.1.46
- org.apache.logging.log4j_log4j-api fixed in 2.8.2
- org.eclipse.jetty_jetty-io 9.4.11
- com.fasterxml.jackson.core_jackson-databind fixed in 2.10.0

elgalu commented 3 years ago

This is a problem upstream in selenium.jar; however, it is not relevant, as you are not exposing selenium to the internet. It is just an intranet testing tool and should only be exposed to your CI/CD env. I'll leave this issue open in case you want to send a PR fixing it.