exasol / cloud-storage-extension

Exasol Cloud Storage Extension for accessing formatted data Avro, Orc and Parquet, on public cloud storage systems
MIT License

ossindex-maven-plugin fails because of vulnerable dependencies #207

kaklakariada closed 2 years ago

kaklakariada commented 2 years ago
Error:  Failed to execute goal org.sonatype.ossindex.maven:ossindex-maven-plugin:3.2.0:audit (default-cli) on project cloud-storage-extension: Detected 9 vulnerable components:
Error:    com.squareup.okhttp:okhttp:jar:2.7.5:compile; https://ossindex.sonatype.org/component/pkg:maven/com.squareup.okhttp/okhttp@2.7.5?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:      * [CVE-2021-0341] CWE-295: Improper Certificate Validation (7.5); https://ossindex.sonatype.org/vulnerability/CVE-2021-0341?component-type=maven&component-name=com.squareup.okhttp%2Fokhttp&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:      * 1 vulnerability found (5.9); https://ossindex.sonatype.org/vulnerability/sonatype-2018-0035
Error:    io.netty:netty-handler:jar:4.1.77.Final:compile; https://ossindex.sonatype.org/component/pkg:maven/io.netty/netty-handler@4.1.77.Final?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:      * 1 vulnerability found (6.5); https://ossindex.sonatype.org/vulnerability/sonatype-2020-0026
Error:    org.apache.hadoop:hadoop-common:jar:3.3.2:compile; https://ossindex.sonatype.org/component/pkg:maven/org.apache.hadoop/hadoop-common@3.3.2?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:      * [CVE-2022-26612] CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (9.8); https://ossindex.sonatype.org/vulnerability/CVE-2022-26612?component-type=maven&component-name=org.apache.hadoop%2Fhadoop-common&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:    commons-codec:commons-codec:jar:1.11:compile; https://ossindex.sonatype.org/component/pkg:maven/commons-codec/commons-codec@1.11?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:      * 1 vulnerability found (5.3); https://ossindex.sonatype.org/vulnerability/sonatype-2012-0050
Error:    org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:compile; https://ossindex.sonatype.org/component/pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:      * [CVE-2017-7525] CWE-184: Incomplete Blacklist (9.8); https://ossindex.sonatype.org/vulnerability/CVE-2017-7525?component-type=maven&component-name=org.codehaus.jackson%2Fjackson-mapper-asl&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:      * [CVE-2019-10172] CWE-611: Improper Restriction of XML External Entity Reference ('XXE') (7.5); https://ossindex.sonatype.org/vulnerability/CVE-2019-10172?component-type=maven&component-name=org.codehaus.jackson%2Fjackson-mapper-asl&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:    io.grpc:grpc-core:jar:1.46.0:compile; https://ossindex.sonatype.org/component/pkg:maven/io.grpc/grpc-core@1.46.0?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:      * 1 vulnerability found (6.5); https://ossindex.sonatype.org/vulnerability/sonatype-2021-0818
Error:    com.google.oauth-client:google-oauth-client:jar:1.24.1:compile; https://ossindex.sonatype.org/component/pkg:maven/com.google.oauth-client/google-oauth-client@1.24.1?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:      * [CVE-2020-7692] CWE-863: Incorrect Authorization (9.1); https://ossindex.sonatype.org/vulnerability/CVE-2020-7692?component-type=maven&component-name=com.google.oauth-client%2Fgoogle-oauth-client&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:      * [CVE-2021-22573] CWE-347: Improper Verification of Cryptographic Signature (7.3); https://ossindex.sonatype.org/vulnerability/CVE-2021-22573?component-type=maven&component-name=com.google.oauth-client%2Fgoogle-oauth-client&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:    com.google.guava:guava:jar:31.1-jre:compile; https://ossindex.sonatype.org/component/pkg:maven/com.google.guava/guava@31.1-jre?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:      * 1 vulnerability found (6.2); https://ossindex.sonatype.org/vulnerability/sonatype-2020-0926
Error:    org.apache.spark:spark-core_2.13:jar:3.2.1:compile; https://ossindex.sonatype.org/component/pkg:maven/org.apache.spark/spark-core_2.13@3.2.1?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:      * 1 vulnerability found (8.8); https://ossindex.sonatype.org/vulnerability/sonatype-2022-2430
Error:  -> [Help 1]