metabase / saml20-clj

A Clojure SAML 2.0 library for SSO

High Level Vulnerability in Dependent Library #88

Open kevin-ewing opened 2 months ago

kevin-ewing commented 2 months ago

Infinite loop high level vulnerability found in dependent library (Snyk vulnerability, CVE).

Dependency path: metabase:saml20-clj@2.2.4 > org.cryptacular:cryptacular@1.2.5 > org.bouncycastle:bcprov-jdk18on@1.71

Issue fixed in org.bouncycastle:bcprov-jdk18on@1.78
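
A check that a consumer of the library could run over Snyk-style dependency paths like the one quoted above, shown here as an added example (it is not part of the issue or of the project's code). The function names and the two extra sample paths are constructed for illustration; the artifact name and fixed version are the ones stated in the issue.

```python
import re

# Values taken from the issue above.
ARTIFACT = "org.bouncycastle:bcprov-jdk18on"
FIXED_IN = "1.78"

COORD = re.compile(r"^(?P<name>[^@\s]+)@(?P<version>\S+)$")


def parse_path(path):
    """Split 'a@1 > b@2 > c@3' into [(name, version), ...]."""
    hops = []
    for hop in path.split(">"):
        m = COORD.match(hop.strip())
        if not m:
            raise ValueError(f"unparseable coordinate: {hop.strip()!r}")
        hops.append((m["name"], m["version"]))
    return hops


def version_key(version):
    """Numeric comparison key, so 1.78.1 > 1.78 > 1.71 (a float or string
    comparison gets multi-part versions wrong). Qualifiers are ignored."""
    return tuple(int(p) for p in re.findall(r"\d+", version))


def check(path, artifact=ARTIFACT, fixed_in=FIXED_IN):
    """Return a finding if the path resolves `artifact` below `fixed_in`, else None."""
    hops = parse_path(path)
    for i, (name, version) in enumerate(hops):
        if name == artifact and version_key(version) < version_key(fixed_in):
            parent = "@".join(hops[i - 1]) if i else "(direct dependency)"
            return {"artifact": name, "resolved": version,
                    "fixed_in": fixed_in, "pulled_in_by": parent}
    return None


# The first path is the one quoted in the issue; the other two are constructed.
PATHS = [
    "metabase:saml20-clj@2.2.4 > org.cryptacular:cryptacular@1.2.5 > org.bouncycastle:bcprov-jdk18on@1.71",
    "example:app@0.1.0 > org.bouncycastle:bcprov-jdk18on@1.78.1",
    "example:app@0.1.0 > org.bouncycastle:bcprov-jdk18on@1.78",
]

if __name__ == "__main__":
    for p in PATHS:
        print(check(p) or f"ok: {p}")
```

The `pulled_in_by` field names the intermediate dependency whose own pin has to change, or be overridden in the consuming build, for the fixed version to be resolved.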

kevin-ewing commented 2 weeks ago

Any traction on this issue?