kstyrc/embedded-redis

Vulnerabilities on release 0.6

Closed this issue · 1 comments

Dependency used:

<dependency>
    <groupId>com.github.kstyrc</groupId>
    <artifactId>embedded-redis</artifactId>
    <version>0.6</version>
    <scope>test</scope>
</dependency>

Transitive dependencies with vulnerabilities:

<dependency>
    <groupId>com.google.guava</groupId>
    <artifactId>guava</artifactId>
</dependency>
<dependency>
    <groupId>commons-io</groupId>
    <artifactId>commons-io</artifactId>
</dependency>

Report of vulnerabilities:

Provides transitive vulnerable dependency maven:com.google.guava:guava:18.0

  • CVE-2018-10237 5.9 Allocation of Resources Without Limits or Throttling vulnerability
  • CVE-2020-8908 3.3 Incorrect Permission Assignment for Critical Resource vulnerability
  • CVE-2023-2976 7.1 Files or Directories Accessible to External Parties vulnerability with High severity found

This project is apparently dead; I recommend migrating to the other alternatives.