
Known vulnerability in shared library zstd which wasp-model_2.11 depends on. Can you help upgrade to patch versions? #10

Description

@HelenParr

Hi, @nicolobidotti, @andr3a87, I'd like to report a vulnerability issue in it.agilelab:wasp-model_2.11:2.28.1-cdp717.

Issue Description

I noticed that it.agilelab:wasp-model_2.11:2.28.1-cdp717 directly depends on com.github.luben:zstd-jni:v1.4.3-1 in the pom. However, as shown in the following dependency graph, com.github.luben:zstd-jni:v1.4.3-1 suffers from the vulnerability which the C library zstd (version 1.4.3) exposed: CVE-2021-24032.

Dependency Graph between Java and Shared Libraries

[image: dependency graph between the Java artifact and the bundled zstd shared library]

Suggested Vulnerability Patch Versions

com.github.luben:zstd-jni:v1.4.9-1 (>=v1.4.9-1) has upgraded this vulnerable C library zstd to the patch version 1.4.9.

Java build tools cannot report vulnerable C libraries, which may induce potential security issues to many downstream Java projects. Could you please upgrade this vulnerable dependency?

Thanks for your help~
Best regards,
Helen Parr
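A defender-side check a maintainer could run over a pom.xml to catch the condition this report describes, added here as an example and not part of the report or of the wasp project: it locates the com.github.luben:zstd-jni coordinate (resolving a `${property}` version if one is used) and flags any version below v1.4.9-1, the first zstd-jni release the report names as bundling the patched zstd 1.4.9. The embedded POM is a constructed sample, not the project's real pom.xml.

```python
"""Flag zstd-jni dependencies in a Maven POM that bundle a zstd older than 1.4.9."""
import re
import xml.etree.ElementTree as ET

POM_NS = "{http://maven.apache.org/POM/4.0.0}"
MIN_FIXED = (1, 4, 9, 1)  # zstd-jni v1.4.9-1, the patched version named in the report

# Constructed sample POM (not the project's own pom.xml); the version is kept
# in a property so that ${...} resolution is exercised.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><zstd.version>v1.4.3-1</zstd.version></properties>
  <dependencies>
    <dependency>
      <groupId>com.github.luben</groupId>
      <artifactId>zstd-jni</artifactId>
      <version>${zstd.version}</version>
    </dependency>
    <dependency>
      <groupId>org.slf4j</groupId><artifactId>slf4j-api</artifactId><version>1.7.30</version>
    </dependency>
  </dependencies>
</project>"""

def parse_version(v):
    """'v1.4.3-1' -> (1, 4, 3, 1); the leading 'v' and the '-N' build suffix are optional."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:-(\d+))?", v.strip())
    if not m:
        raise ValueError(f"unrecognised zstd-jni version: {v!r}")
    return tuple(int(x or 0) for x in m.groups())

def find_vulnerable_zstd(pom_xml):
    """Return [(declared_version, resolved_version)] for zstd-jni entries below MIN_FIXED."""
    root = ET.fromstring(pom_xml)
    # Collect <properties> so a version written as ${name} can be resolved.
    props = {p.tag.replace(POM_NS, ""): (p.text or "").strip()
             for p in root.findall(f"{POM_NS}properties/*")}
    findings = []
    for dep in root.iter(f"{POM_NS}dependency"):
        gid = dep.findtext(f"{POM_NS}groupId", "")
        aid = dep.findtext(f"{POM_NS}artifactId", "")
        if (gid, aid) != ("com.github.luben", "zstd-jni"):
            continue
        declared = dep.findtext(f"{POM_NS}version", "").strip()
        resolved = re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), declared)
        if parse_version(resolved) < MIN_FIXED:
            findings.append((declared, resolved))
    return findings

if __name__ == "__main__":
    print(find_vulnerable_zstd(SAMPLE_POM))  # [('${zstd.version}', 'v1.4.3-1')]
```

Because the native zstd is embedded inside the zstd-jni jar, a plain Java dependency scan reports only the Maven coordinate; this check turns that coordinate into a verdict about the bundled C library.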
