Dhanxi
commented
7 months ago Does anyone know why a vulnerability from 2016 is being reported now? and that the latest library versions are from 2023.
I have also opened an issue with Primavera.
Open Dhanxi opened 7 months ago
Dhanxi
commented
7 months ago Does anyone know why a vulnerability from 2016 is being reported now? and that the latest library versions are from 2023.
I have also opened an issue with Primavera.
Dhanxi
commented
7 months ago Excuse @jeremylong , this is a false positive or any information?
Dhanxi
commented
7 months ago imore information: Included by: pkg:maven/org.springframework.boot/spring-boot-gradle-plugin@3.2.0 pkg:maven/org.springframework.boot/spring-boot-gradle-plugin@3.2.0
but in 3.2.2 vulnerability remains
jeremylong
Hello team,
I have a question regarding a vulnerability with CVE 2016-9878. It has recently appeared in my project which I am compiling with java 17 and with spring springframework.boot 3.2.1. I also have the library spring.dependency-management.gradle.plugin:1.1.4' released on November 23.
If I have everything updated, why I have not been mitigated, is it a false positive, please if you can help me with this please.