Closed feffi closed 4 years ago
Fix/mitigation is dependent on https://github.com/apereo/java-cas-client/issues/191
for a parent list, have a look at: https://github.com/jooby-project/jooby/issues/1129
Same here a transitive dependency from pac4j:
[INFO] +- org.pac4j:pac4j-cas:jar:2.2.1:compile
[INFO] | +- org.jasig.cas.client:cas-client-core:jar:3.4.1:compile
[INFO] | \- org.jasig.cas.client:cas-client-support-saml:jar:3.4.1:compile
dependencies are automatically updated with dependabot now
✗ High severity vulnerability found on org.jasig.cas.client:cas-client-core@3.4.1