groovy / gmaven

Groovy integration for Maven
http://groovy.github.io/gmaven/
Apache License 2.0

[DepShield] Usage of org.codehaus.groovy:groovy-all:2.1.5 results in vulnerability to [CVE-2015-3253] Improper Neutralization of Special Elements in Output Used by a Downstream Component ("Injection") #11

Closed sonatype-depshield[bot] closed 6 years ago

sonatype-depshield[bot] commented 6 years ago

This application's usage of org.codehaus.groovy:groovy-all:2.1.5 causes a vulnerability to [CVE-2015-3253] Improper Neutralization of Special Elements in Output Used by a Downstream Component ("Injection") with a CVSS score of 9.8. Details about the vulnerability are available on the OSS Index page for [CVE-2015-3253] Improper Neutralization of Special Elements in Output Used by a Downstream Component ("Injection").

This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.

jdillon commented 6 years ago

https://github.com/groovy/gmaven/commit/97f6ff1b8c0eea0eb607817dfb0d9ea4eea9a461

sonatype-depshield[bot] commented 5 years ago

Thank you for being an early adopter of DepShield. In an effort to provide a more component-centric view of vulnerabilities, we are consolidating your issue(s), moving them to a new format, and closing this issue. You can find the new issue here: #16