Open GumpacG opened 1 year ago
What is the bug? The project uses jetty version 11.0.14 while the versions with fixes are not yet available.
From workflow:
CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue WS-2023-0236 Path to dependency file: /build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-xml/11.0.14/30210aaf71149eb446ce9cb0b659472d0f7d1ab5/jetty-xml-11.0.14.jar
Dependency Hierarchy:
-> wiremock-3.0.0-beta-2.jar (Root Library)
-> jetty-webapp-11.0.14.jar
-> ❌ jetty-xml-11.0.14.jar (Vulnerable Library)
Low 3.9 jetty-xml-11.0.14.jar Upgrade to version: org.eclipse.jetty:jetty-xml:10.0.16,11.0.16,12.0.0 https://github.com/opensearch-project/sql-jdbc/issues/59
What is the bug? The project uses jetty version 11.0.14 while the versions with fixes are not yet available.
From workflow:
CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue WS-2023-0236 Path to dependency file: /build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-xml/11.0.14/30210aaf71149eb446ce9cb0b659472d0f7d1ab5/jetty-xml-11.0.14.jar
Dependency Hierarchy:
-> wiremock-3.0.0-beta-2.jar (Root Library)
-> jetty-webapp-11.0.14.jar
Low 3.9 jetty-xml-11.0.14.jar Upgrade to version: org.eclipse.jetty:jetty-xml:10.0.16,11.0.16,12.0.0 https://github.com/opensearch-project/sql-jdbc/issues/59