search

exasol / azure-data-lake-storage-gen2-document-files-virtual-schema

Virtual Schema for document files on Azure Data Lake Storage Gen2
MIT License
0 stars 1 forks source link

Fix vulnerabilities CVE-2023-42503, CVE-2023-42503 and CVE-2023-4759 #37

Closed kaklakariada closed 11 months ago

kaklakariada commented 11 months ago 
Error:  Failed to execute goal org.sonatype.ossindex.maven:ossindex-maven-plugin:3.2.0:audit (default-cli) on project azure-data-lake-storage-gen2-document-files-virtual-schema: Detected 4 vulnerable components:
Error:    org.apache.commons:commons-compress:jar:1.22:compile; https://ossindex.sonatype.org/component/pkg:maven/org.apache.commons/commons-compress@1.22?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:      * [CVE-2023-42503] CWE-20: Improper Input Validation (5.5); https://ossindex.sonatype.org/vulnerability/CVE-2023-42503?component-type=maven&component-name=org.apache.commons%2Fcommons-compress&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:    io.netty:netty-handler:jar:4.1.94.Final:compile; https://ossindex.sonatype.org/component/pkg:maven/io.netty/netty-handler@4.1.94.Final?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:      * [CVE-2023-4586] CWE-300: Channel Accessible by Non-Endpoint ('Man-in-the-Middle') (6.5); https://ossindex.sonatype.org/vulnerability/CVE-2023-4586?component-type=maven&component-name=io.netty%2Fnetty-handler&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:    org.xerial.snappy:snappy-java:jar:1.1.10.1:compile; https://ossindex.sonatype.org/component/pkg:maven/org.xerial.snappy/snappy-java@1.1.10.1?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:      * [CVE-2023-43642] CWE-770: Allocation of Resources Without Limits or Throttling (7.5); https://ossindex.sonatype.org/vulnerability/CVE-2023-43642?component-type=maven&component-name=org.xerial.snappy%2Fsnappy-java&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:    org.eclipse.jgit:org.eclipse.jgit:jar:6.3.0.202209071007-r:test; https://ossindex.sonatype.org/component/pkg:maven/org.eclipse.jgit/org.eclipse.jgit@6.3.0.202209071007-r?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:      * [CVE-2023-4759] CWE-178: Improper Handling of Case Sensitivity (8.8); https://ossindex.sonatype.org/vulnerability/CVE-2023-4759?component-type=maven&component-name=org.eclipse.jgit%2Forg.eclipse.jgit&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1