xvik / gradle-quality-plugin

Gradle quality plugin for Java and Groovy
http://xvik.github.io/gradle-quality-plugin
MIT License

Security vulnerability in dom4j #16

Closed sebastianhaeni closed 5 years ago

sebastianhaeni commented 5 years ago

Dom4J has a security vulnerability CVE-2018-1000632.

Dependency tree current -> new:

All dependencies have newer versions that do not contain the vulnerability. Please update spotbugs-gradle-plugin to 1.6.11.

OWASP Dependency Check output:

dom4j-2.1.0.jar (pkg:maven/org.dom4j/dom4j@2.1.0, cpe:2.3:a:dom4j_project:dom4j:2.1.0:*:*:*:*:*:*:*) : CVE-2018-1000632

xvik commented 5 years ago

I will, of course, update versions, but how could this vulnerability affect you during a Gradle project build?