plaid / plaid-link-android

Plaid Link Android SDK
https://plaid.com/docs/link/android
MIT License

Plaid SDK introduces high and medium security vulnerabilities from com.google.protobuf dependency #244

Open dmytroKarataiev opened 1 year ago

dmytroKarataiev commented 1 year ago

The problem

Snyk security check found three security vulnerabilities in the Plaid 3.10-3.11 SDKs:

https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-3167771
https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-3040281
https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-3040280

Expected Result

Security vulnerabilities have been fixed in the following dependencies:

Upgrade com.google.protobuf:protobuf-javalite to version 3.16.3, 3.19.6, 3.20.3, 3.21.7 or higher.
Upgrade com.google.protobuf:protobuf-kotlin-lite to version 3.16.3, 3.19.6, 3.20.3, 3.21.7 or higher.
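
An added example, not part of the issue and not Plaid's code: a Python check that reads `gradle dependencies` output and reports which of the two artifacts named above still resolve below a fixed release. It assumes the four listed versions are per-release-line minimums; the sample tree and its `com.example` coordinates are constructed.

```python
import re

# Fixed releases quoted in the issue, read as per-release-line minimums
# (assumption: 3.16.3 fixes the 3.16 line, 3.19.6 the 3.19 line, and so on).
FIXED = [(3, 16, 3), (3, 19, 6), (3, 20, 3), (3, 21, 7)]
ARTIFACTS = ("protobuf-javalite", "protobuf-kotlin-lite")

# One node of a Gradle dependency tree: "group:name[:requested][ -> resolved]".
NODE = re.compile(
    r"com\.google\.protobuf:(?P<name>[\w-]+)(?::(?P<req>[\w.\-]+))?"
    r"(?:\s*->\s*(?P<res>[\w.\-]+))?"
)

# Constructed sample of `gradle dependencies` output, not taken from the issue.
SAMPLE_TREE = r"""
+--- com.example:payments-sdk:1.0.0
|    +--- com.google.protobuf:protobuf-javalite:3.19.4
|    \--- com.google.protobuf:protobuf-kotlin-lite:3.19.4 -> 3.21.7
\--- com.example:analytics:2.3.0
     \--- com.google.protobuf:protobuf-javalite:3.14.0 -> 3.19.4 (*)
"""

def parse_version(text):
    """Turn '3.19.4' into (3, 19, 4); missing parts count as 0."""
    nums = [int(n) for n in re.findall(r"\d+", text)[:3]]
    return tuple(nums) + (0,) * (3 - len(nums))

def is_fixed(version):
    """True if the version is at or past the fix for its release line."""
    v = parse_version(version)
    if v[:2] > FIXED[-1][:2]:  # a newer line than 3.21 is "or higher"
        return True
    return any(v[:2] == f[:2] and v >= f for f in FIXED)

def find_vulnerable(tree_text):
    """Return sorted (artifact, resolved_version) pairs still below a fix."""
    hits = set()
    for m in NODE.finditer(tree_text):
        version = m.group("res") or m.group("req")  # resolved wins over requested
        if m.group("name") in ARTIFACTS and version and not is_fixed(version):
            hits.add((m.group("name"), version))
    return sorted(hits)

if __name__ == "__main__":
    for name, version in find_vulnerable(SAMPLE_TREE):
        print(f"{name} resolves to {version}, below the fixed releases")
```

Lines without a fix in their own release line, such as 3.17.x or 3.18.x, are reported as unfixed under this reading.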