Dependency upgrade
ckunki opened this issue · 0 comments
ckunki commented
See log messages from build job Dependency Check:
- io.netty:netty-handler:jar:4.1.86.Final in runtime
  - CVE-2023-34462, severity CWE-770: Allocation of Resources Without Limits or Throttling (6.5)
- org.xerial.snappy:snappy-java:jar:1.1.8.3 in compile
  - CVE-2023-34453, severity CWE-190: Integer Overflow or Wraparound (7.5)
  - CVE-2023-34454, severity CWE-190: Integer Overflow or Wraparound (7.5)
  - CVE-2023-34455, severity CWE-770: Allocation of Resources Without Limits or Throttling (7.5)
Excluded vulnerabilities:
- [CVE-2020-36641] CWE-611: Improper Restriction of XML External Entity Reference ('XXE') (9.8); https://ossindex.sonatype.org/vulnerability/CVE-2020-36641?component-type=maven&component-name=fr.turri%2FaXMLRPC&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1