exasol/virtual-schema-common-document-files

Fix vulnerabilities in dependencies

Closed this issue · 0 comments

[ERROR] Failed to execute goal org.sonatype.ossindex.maven:ossindex-maven-plugin:3.2.0:audit (default-cli) on project virtual-schema-common-document-files: Detected 10 vulnerable components:
[ERROR]   com.squareup.okhttp:okhttp:jar:2.7.5:compile; https://ossindex.sonatype.org/component/pkg:maven/com.squareup.okhttp/okhttp@2.7.5?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
[ERROR]     * [CVE-2021-0341] CWE-295: Improper Certificate Validation (7.5); https://ossindex.sonatype.org/vulnerability/CVE-2021-0341?component-type=maven&component-name=com.squareup.okhttp%2Fokhttp&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
[ERROR]     * [sonatype-2018-0035] CWE-20: Improper Input Validation (5.9); https://ossindex.sonatype.org/vulnerability/sonatype-2018-0035?component-type=maven&component-name=com.squareup.okhttp%2Fokhttp&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
[ERROR]   io.netty:netty-common:jar:4.1.72.Final:test; https://ossindex.sonatype.org/component/pkg:maven/io.netty/netty-common@4.1.72.Final?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
[ERROR]     * [CVE-2022-24823] CWE-668: Exposure of Resource to Wrong Sphere (5.5); https://ossindex.sonatype.org/vulnerability/CVE-2022-24823?component-type=maven&component-name=io.netty%2Fnetty-common&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
[ERROR]   org.apache.hadoop:hadoop-common:jar:3.3.1:compile; https://ossindex.sonatype.org/component/pkg:maven/org.apache.hadoop/hadoop-common@3.3.1?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
[ERROR]     * [CVE-2022-26612] CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (9.8); https://ossindex.sonatype.org/vulnerability/CVE-2022-26612?component-type=maven&component-name=org.apache.hadoop%2Fhadoop-common&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
[ERROR]   com.google.guava:guava:jar:31.0.1-jre:compile; https://ossindex.sonatype.org/component/pkg:maven/com.google.guava/guava@31.0.1-jre?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
[ERROR]     * [sonatype-2020-0926] CWE-379: Creation of Temporary File in Directory with Incorrect Permissions (6.2); https://ossindex.sonatype.org/vulnerability/sonatype-2020-0926?component-type=maven&component-name=com.google.guava%2Fguava&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
[ERROR]   io.netty:netty-handler:jar:4.1.72.Final:test; https://ossindex.sonatype.org/component/pkg:maven/io.netty/netty-handler@4.1.72.Final?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
[ERROR]     * [sonatype-2020-0026] CWE-300: Channel Accessible by Non-Endpoint ('Man-in-the-Middle') (6.5); https://ossindex.sonatype.org/vulnerability/sonatype-2020-0026?component-type=maven&component-name=io.netty%2Fnetty-handler&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
[ERROR]   org.apache.xmlrpc:xmlrpc-common:jar:3.1.3:test; https://ossindex.sonatype.org/component/pkg:maven/org.apache.xmlrpc/xmlrpc-common@3.1.3?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
[ERROR]     * [CVE-2016-5003] CWE-502: Deserialization of Untrusted Data (9.8); https://ossindex.sonatype.org/vulnerability/CVE-2016-5003?component-type=maven&component-name=org.apache.xmlrpc%2Fxmlrpc-common&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
[ERROR]     * [CVE-2016-5002] CWE-611: Improper Restriction of XML External Entity Reference ('XXE') (7.8); https://ossindex.sonatype.org/vulnerability/CVE-2016-5002?component-type=maven&component-name=org.apache.xmlrpc%2Fxmlrpc-common&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
[ERROR]   com.google.protobuf:protobuf-java:jar:2.5.0:compile; https://ossindex.sonatype.org/component/pkg:maven/com.google.protobuf/protobuf-java@2.5.0?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
[ERROR]     * [CVE-2021-22569] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') (5.5); https://ossindex.sonatype.org/vulnerability/CVE-2021-22569?component-type=maven&component-name=com.google.protobuf%2Fprotobuf-java&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
[ERROR]   commons-codec:commons-codec:jar:1.11:compile; https://ossindex.sonatype.org/component/pkg:maven/commons-codec/commons-codec@1.11?utm_source=ossindex-client&utm_medium=integration&utm_content=1.1.1
[ERROR]     * [sonatype-2012-0050] CWE-20: Improper Input Validation (5.3); https://ossindex.sonatype.org/vulnerability/sonatype-2012-0050?component-type=maven&component-name=commons-codec%2Fcommons-codec&utm_source=ossindex-client&utm_medium=integration&utm_content=1.1.1
[ERROR]   org.apache.xmlrpc:xmlrpc-client:jar:3.1.3:test; https://ossindex.sonatype.org/component/pkg:maven/org.apache.xmlrpc/xmlrpc-client@3.1.3?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
[ERROR]     * [CVE-2016-5004] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') (6.5); https://ossindex.sonatype.org/vulnerability/CVE-2016-5004?component-type=maven&component-name=org.apache.xmlrpc%2Fxmlrpc-client&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
[ERROR]   com.google.code.gson:gson:jar:2.2.4:compile; https://ossindex.sonatype.org/component/pkg:maven/com.google.code.gson/gson@2.2.4?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
[ERROR]     * [sonatype-2021-1694] CWE-502: Deserialization of Untrusted Data (7.5); https://ossindex.sonatype.org/vulnerability/sonatype-2021-1694?component-type=maven&component-name=com.google.code.gson%2Fgson&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1