Remove vulnerable package SharpCompress CVE-2021-39208 Score: 4.3

jube-home / jube

Jube is an open-source software designed for monitoring transactions and events. It offers a range of powerful features including real-time data wrangling, artificial intelligence, decision making, and case management. Jube's exceptional performance is particularly evident in its application to fraud prevention and abuse detection scenarios.

https://www.jube.io

GNU Affero General Public License v3.0

27 stars 2 forks source link

Remove vulnerable package SharpCompress CVE-2021-39208 Score: 4.3 #15

Open richard-churchman opened 8 months ago

richard-churchman commented 8 months ago

OOdana static analysis highlighted a medium severity vulnerable package in use.

The package is not implemented and has already been refactored away from.

richard-churchman commented 7 months ago

This has been upgraded by Dependabot but it is not in use, so while it should not be vulnerable, it still needs to be removed.