paypal / digraph-parser

Java parser for digraph DSL (Graphviz DOT language)

Security vulnerability in digraph-parser-1.0.jar #1

Closed ishaan007 closed 6 years ago

ishaan007 commented 6 years ago

I am using digraph-parser to convert graphviz files to a graph data structure. On running dependency-checker (which is an open source tool to identify vulnerabilities in java applications), the jar of this digraph-parser module gets flagged as MEDIUM vulnerable. The message displayed is:

The PayPal module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

The CVE of the vulnerability is: https://nvd.nist.gov/vuln/detail/CVE-2012-5802

@os72 can some code changes be implemented to make digraph-parser more secure?

os72 commented 6 years ago

Must be some confusion, this is not the "PayPal module in Ubercart". digraph-parser doesn't deal with hostnames, certificates, etc. Also, the report is from 2012; digraph-parser was released in 2017. https://exchange.xforce.ibmcloud.com/vulnerabilities/79949

os72 commented 6 years ago

Assuming non-issue, closing
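For anyone hitting the same report: the match is on the vendor name shared by the jar's metadata and the Ubercart PayPal module, not on anything digraph-parser does, so the consumer-side fix is a scoped suppression rather than a library change. The following suppression file is an added example, not part of this issue or the project; it assumes the scanner is OWASP Dependency-Check and that the artifact's Maven coordinates are com.paypal.digraph:digraph-parser (check both against your own build before using it).

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Assumed scanner: OWASP Dependency-Check; assumed coordinates: com.paypal.digraph:digraph-parser -->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
    <suppress>
        <notes><![CDATA[
        False positive: CVE-2012-5802 concerns the PayPal module in Ubercart (SSL hostname
        verification). digraph-parser is a DOT-language parser and performs no network or TLS
        operations; it was matched only because the jar's vendor evidence is "paypal".
        Reviewed: <date> by <reviewer>
        ]]></notes>
        <!-- Scope the rule to this one artifact, any version, and this one CVE only -->
        <packageUrl regex="true">^pkg:maven/com\.paypal\.digraph/digraph\-parser@.*$</packageUrl>
        <cve>CVE-2012-5802</cve>
    </suppress>
</suppressions>
```

Keep the suppression narrow (one artifact, one CVE) so that a genuine future advisory against the same jar is still reported.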