google / depan

DepAn is a direct manipulation tool for visualization, analysis, and refactoring of dependencies in large applications.
http://google.github.io/depan
Apache License 2.0

There is a vulnerability in XStream 1.4.10, upgrade recommended #61

Open QiAnXinCodeSafe opened 3 years ago

QiAnXinCodeSafe commented 3 years ago

https://github.com/google/depan/blob/a761d9e0c71d7b970fb1969192f54698939da6d4/depan-xstream-library/pom.xml#L17-L21

CVE-2019-10173

Recommended upgrade version: 1.4.10.redhat-1, latest version: 1.4.13-java7