exasol / cloud-storage-extension

Exasol Cloud Storage Extension for accessing formatted data Avro, Orc and Parquet, on public cloud storage systems
MIT License

Dependency Check Failure #247

Closed morazow closed 1 year ago

morazow commented 1 year ago
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  15.282 s
[INFO] Finished at: 2023-06-07T02:27:57Z
[INFO] ------------------------------------------------------------------------
Error:  Failed to execute goal org.sonatype.ossindex.maven:ossindex-maven-plugin:3.2.0:audit (default-cli) on project cloud-storage-extension: Detected 2 vulnerable components:
Error:    org.codehaus.janino:janino:jar:3.0.16:compile; https://ossindex.sonatype.org/component/pkg:maven/org.codehaus.janino/janino@3.0.16?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:      * [CVE-2023-33546] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') (7.5); https://ossindex.sonatype.org/vulnerability/CVE-2023-33546?component-type=maven&component-name=org.codehaus.janino%2Fjanino&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:    com.google.guava:guava:jar:31.1-jre:compile; https://ossindex.sonatype.org/component/pkg:maven/com.google.guava/guava@31.1-jre?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:      * [CVE-2023-2976] CWE-378: Creation of Temporary File With Insecure Permissions (6.2); https://ossindex.sonatype.org/vulnerability/CVE-2023-2976?component-type=maven&component-name=com.google.guava%2Fguava&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:  
Error:  Excluded vulnerabilities:
Error:    - [CVE-2019-10172] CWE-611: Improper Restriction of XML External Entity Reference ('XXE') (7.5); https://ossindex.sonatype.org/vulnerability/CVE-2019-10172?component-type=maven&component-name=org.codehaus.jackson%2Fjackson-mapper-asl&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:    - [CVE-2020-36641] CWE-611: Improper Restriction of XML External Entity Reference ('XXE') (9.8); https://ossindex.sonatype.org/vulnerability/CVE-2020-36641?component-type=maven&component-name=fr.turri%2FaXMLRPC&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:    - [CVE-2020-8908] CWE-379: Creation of Temporary File in Directory with Incorrect Permissions (6.2); https://ossindex.sonatype.org/vulnerability/CVE-2020-8908?component-type=maven&component-name=com.google.guava%2Fguava&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:    - [CVE-2023-22946] CWE-269: Improper Privilege Management (9.9); https://ossindex.sonatype.org/vulnerability/CVE-2023-22946?component-type=maven&component-name=org.apache.spark%2Fspark-core_2.13&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:    - [CVE-2017-7525] CWE-184: Incomplete Blacklist (9.8); https://ossindex.sonatype.org/vulnerability/CVE-2017-7525?component-type=maven&component-name=org.codehaus.jackson%2Fjackson-mapper-asl&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:  -> [Help 1]
Error:  
Error:  To see the full stack trace of the errors, re-run Maven with the -e switch.
Error:  Re-run Maven using the -X switch to enable full debug logging.
Error:  
Error:  For more information about the errors and possible solutions, please read the following articles:
Error:  [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
Error: Process completed with exit code 1.