search

fecgov / openFEC

The first RESTful API for the Federal Election Commission. We're aiming to make campaign finance more accessible for journalists, academics, developers, and other transparency seekers.
https://api.open.fec.gov/developers
Other
481 stars 106 forks source link

[Snyk:Medium] org.threeten:threetenbp (Due: 06/17/2024) #5794

Closed tmpayton closed 5 months ago

tmpayton commented 7 months ago

Introduced through org.flywaydb:flyway-commandline@10.10.0

Exploit maturity NO KNOWN EXPLOIT

Detailed paths Introduced through: unknown:unknown@0.0.0 › org.flywaydb:flyway-commandline@10.10.0 › com.google.cloud:google-cloud-spanner-jdbc@2.11.1 › org.threeten:threetenbp@1.6.8 Introduced through: unknown:unknown@0.0.0 › org.flywaydb:flyway-commandline@10.10.0 › com.google.cloud:google-cloud-storage@2.22.5 › org.threeten:threetenbp@1.6.8

Security information Factors contributing to the scoring: Snyk: CVSS 6.2 - Medium Severity

NVD: Not available. NVD has not yet published its analysis. Why are the scores different? Learn how Snyk evaluates vulnerability scores

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the org.threeten.bp.format.DateTimeFormatter::parse(CharSequence, ParsePosition) method, when the string is empty, the parameter index is 10, and the errorIndex is 10.

Completion Criteria

tmpayton commented 5 months ago

Closing this issue because we have already upgraded past 10.10 to 10.12 https://github.com/fecgov/openFEC/pull/5825 and we are no longer getting a vulnerability in snyk. image