Fix CVE-2023-43642 in `org.xerial.snappy:snappy-java`

Question

Fix CVE-2023-43642 in `org.xerial.snappy:snappy-java`

Closed this issue a year ago · 0 comments

 Error:  Failed to execute goal org.sonatype.ossindex.maven:ossindex-maven-plugin:3.2.0:audit (audit) on project virtual-schema-common-document-files: Detected 1 vulnerable components:
Error:    org.xerial.snappy:snappy-java:jar:1.1.10.1:compile; https://ossindex.sonatype.org/component/pkg:maven/org.xerial.snappy/snappy-java@1.1.10.1?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:      * [CVE-2023-43642] CWE-770: Allocation of Resources Without Limits or Throttling (7.5); https://ossindex.sonatype.org/vulnerability/CVE-2023-43642?component-type=maven&component-name=org.xerial.snappy%2Fsnappy-java&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1

This is blocked by exasol/parquet-io-java#62