Vulnerabilities on release 0.6
Closed this issue · 1 comments
jonathanmdr commented
Dependency used:
<dependency>
<groupId>com.github.kstyrc</groupId>
<artifactId>embedded-redis</artifactId>
<version>0.6</version>
<scope>test</scope>
</dependency>
Transitive dependencies with vulnerabilities:
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
</dependency>
Report of vulnerabilities:
Provides transitive vulnerable dependency maven:com.google.guava:guava:18.0
- CVE-2018-10237 5.9 Allocation of Resources Without Limits or Throttling vulnerability
- CVE-2020-8908 3.3 Incorrect Permission Assignment for Critical Resource vulnerability
- CVE-2023-2976 7.1 Files or Directories Accessible to External Parties vulnerability with High severity found
jonathanmdr commented
This project apparently is dead, I recommend migrate to the other alternatives.