Update libraries

Question

Update libraries

Closed this issue 2 years ago · 1 comments

We have to have kafkaer.jar scanned as part of our deployment flow and it comes up with the following vulnerabilities that may or may not be completely accurate.

avro 1.9.2 java-archive CVE-2021-43045 High

commons-beanutils 1.9.3 java-archive CVE-2019-10086 High

commons-beanutils 1.9.3 1.9.4 java-archive GHSA-6phf-73q6-gh87 High

commons-compress 1.19 java-archive CVE-2021-36090 High

commons-compress 1.19 java-archive CVE-2021-35515 High

commons-compress 1.19 1.21 java-archive GHSA-crv7-7245-f45f High

commons-compress 1.19 java-archive CVE-2021-35516 High

commons-compress 1.19 1.21 java-archive GHSA-xqfj-vm6h-2x34 High

commons-compress 1.19 java-archive CVE-2021-35517 High

commons-compress 1.19 1.21 java-archive GHSA-7hfm-57qf-j43q High

commons-compress 1.19 1.21 java-archive GHSA-mc84-pj99-q6hh High

commons-configuration2 2.4 2.8.0 java-archive GHSA-xj57-8qj4-c4m6 Critical

commons-configuration2 2.4 2.7 java-archive GHSA-7qx4-pp76-vrqh Critical

jackson-databind 2.10.2 2.10.5.1 java-archive GHSA-288c-cq4h-88gq High

jackson-databind 2.10.2 java-archive CVE-2020-25649 High

jackson-databind 2.10.2 java-archive CVE-2020-36518 High

jackson-databind 2.10.2 2.12.6.1 java-archive GHSA-57j2-w4cx-62h2 High

Answer 1 · 2022-07-26T19:28:56.000Z

Fixed by #23