exasol / cloud-storage-extension

Exasol Cloud Storage Extension for accessing formatted data (Avro, Orc and Parquet) on public cloud storage systems
MIT License

Dependency check failure #260

Closed by morazow 11 months ago

morazow commented 11 months ago

From daily checks:

Error:  Failed to execute goal org.sonatype.ossindex.maven:ossindex-maven-plugin:3.2.0:audit (default-cli) on project cloud-storage-extension: Detected 1 vulnerable components:
Error:    com.squareup.okio:okio:jar:2.8.0:compile; https://ossindex.sonatype.org/component/pkg:maven/com.squareup.okio/okio@2.8.0?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:      * [CVE-2023-3635] CWE-681: Incorrect Conversion between Numeric Types (7.5); https://ossindex.sonatype.org/vulnerability/CVE-2023-3635?component-type=maven&component-name=com.squareup.okio%2Fokio&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:  
Error:  Excluded vulnerabilities:
Error:    - [CVE-2020-36641] CWE-611: Improper Restriction of XML External Entity Reference ('XXE') (9.8); https://ossindex.sonatype.org/vulnerability/CVE-2020-36641?component-type=maven&component-name=fr.turri%2FaXMLRPC&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:    - [CVE-2020-21485] CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (6.1); https://ossindex.sonatype.org/vulnerability/CVE-2020-21485?component-type=maven&component-name=org.alluxio%2Falluxio-core-common&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:    - [CVE-2023-33546] CWE-787: Out-of-bounds Write (5.5); https://ossindex.sonatype.org/vulnerability/CVE-2023-33546?component-type=maven&component-name=org.codehaus.janino%2Fjanino&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1