Which version and edition of Flyway are you using?
flyway/flyway:7.8.2-alpine
If this is not the latest version, can you reproduce the issue with the latest one as well? (Many bugs are fixed in newer releases and upgrading will often resolve the issue)
Using the latest docker tag
Which client are you using? (Command-line, Java API, Maven plugin, Gradle plugin)
command-line
Which database are you using? (Type & version)
PostgreSQL using docker image postgres:10.16-alpine
Which operating system are you using?
Inside the docker container: alpine linux
Externally:
Windows 10
GitHub Actions, runs-on: ubuntu-latest
Ubuntu linux
What did you do? (Please include the content causing the issue, any relevant configuration settings, the SQL statement(s) that failed (if any), and the command you ran)
Using JFrog Xray to scan the docker image for violations finds a violation.
Details
Summary:
An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information.
Infected Component: Net.minidev:json-smart
Severity: Critical
Fix Version: 2.4
References: https://github.com/netplex/json-smart-v1/issues/7 https://github.com/netplex/json-smart-v2/issues/60
CVE: CVE-2021-27568 https://nvd.nist.gov/vuln/detail/CVE-2021-27568
What did you expect to see?
Expected to see zero violations.
What did you see instead?
A violation was found.
Steps to reproduce.
Scan the image using JFrog Xray or a similar tool.