Published CVE's in Swift text table

Question

Published CVE's in Swift text table

Divya-Somasundaram opened this issue 4 years ago · 2 comments

Divya-Somasundaram commented 4 years ago

Our OWASP third party scan tool reported 4 published CVE's in SwiftyTextTable library version 0.9.0 which were listed below.
CVE-2015-9251
CVE-2019-11358
CVE-2020-11022
CVE-2020-11023
Is there a plan to resolve this and If there is a plan when we can expect the new version of library.

Answer 1 · 2021-03-11T08:30:01.000Z

All of the CVE's seem related to jQuery. Which is only included with the documentation. As far as I can tell, it's not something to worry about. A simple solution is to regenerate the docs with a newer version of Jazzy.

Answer 2 · 2021-03-15T09:26:09.000Z

Hi Roslund,

Thanks for the info.

We are not building SwiftyTextTable from source. We are using Swiftlint(https://github.com/realm/SwiftLint), tool to enforce Swift style and conventions which is internally consuming SwiftyTextTable. So we were not able to manually integrate new version of Jazzy.

Is there a plan to upgrade jazzy to latest version in near future? can we expect updated version of library?