I just wanted to report an issue regarding CVEs found in this project.
Background:
I did two different tests
Test 1 - download this repository with branch 3.1.0
test 2 - use this project at version 3.1.0 in a Spring Boot 2.6.6 + Spring Cloud Jubilee 2021.0.1 web app project
(everything latest as of this writing)
For both, I run multiple static analysis tools, such as Back Duck, SonarQube, OWASP Dependency-Check, etc...
For both test, I am seeing those issues:
CVE-2013-4152
CVE-2013-7315
CVE-2014-0054
CVE-2014-0225
May I ask if it is possible to help fix those CVEs please?
This is not to make some static analysis tools happy, but rather to address some real security issues.
Hello Spring State machine Team,
I just wanted to report an issue regarding CVEs found in this project.
Background: I did two different tests Test 1 - download this repository with branch 3.1.0 test 2 - use this project at version 3.1.0 in a Spring Boot 2.6.6 + Spring Cloud Jubilee 2021.0.1 web app project (everything latest as of this writing)
For both, I run multiple static analysis tools, such as Back Duck, SonarQube, OWASP Dependency-Check, etc...
For both test, I am seeing those issues: CVE-2013-4152 CVE-2013-7315 CVE-2014-0054 CVE-2014-0225
May I ask if it is possible to help fix those CVEs please?
This is not to make some static analysis tools happy, but rather to address some real security issues.
Thank you