imgix / imgix-java

A Java client library for generating URLs with imgix
https://www.imgix.com
BSD 2-Clause "Simplified" License
19 stars 8 forks

CVE in Java SDK #57

Closed saarthakgupta closed 4 years ago

saarthakgupta commented 4 years ago

Hello,

There is a published CVE in the Java SDK affecting the latest version too. The CVE is https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aimgix&cpe_product=cpe%3A%2F%3Aimgix%3Aimgix&cpe_version=cpe%3A%2F%3Aimgix%3Aimgix%3A2.3.0

Also attached is the screengrab from my development machine detailing the CVE.

Are there any plans to fix this in a future update?

Thank you for your attention.

[Screenshot 2020-07-12 at 12 25 06]

sherwinski commented 4 years ago

Hi @saarthakgupta :wave:

Thank you for bringing this to our attention. Luckily, this issue was addressed last year and our team is working on getting the CVE updated now. If you have further questions, feel free to reach out here or on our support line at support@imgix.com.