Snyk: snowflake-jdbc org.apache.commons:commons-compress 1.23.0 | Snyk ID - SNYK-JAVA-ORGAPACHECOMMONS-5901530

Question

Snyk: snowflake-jdbc org.apache.commons:commons-compress 1.23.0 | Snyk ID - SNYK-JAVA-ORGAPACHECOMMONS-5901530

Closed this issue 7 months ago · 1 comments

Title: Snyk: snowflake-jdbc org.apache.commons:commons-compress 1.23.0
Additional information on Snyk can be found here: https://snyk.io/org/snowflakedb-sca-scanning-public-repo/project/480ae46f-80b1-4291-9eee-e907065f9e80
Repo: snowflake-jdbc
CVE: CVE-2023-42503
Package Type: java
Package Name: org.apache.commons:commons-compress
Package Version: 1.23.0
Snyk ID: SNYK-JAVA-ORGAPACHECOMMONS-5901530
Vulnerability URL: http://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-5901530
Severity: medium
Introduced Date: 2023-10-17
Projects with Vulnerability: snowflakedb/snowflake-jdbc:FIPS/pom.xml
Target File: FIPS/pom.xml
JIRA Ticket: https://snowflakecomputing.atlassian.net/browse/SNOW-943973

Answer 1 · 2024-01-29T10:27:19.000Z

We are not using commons-compress in version 1.23 in snowflake-jdbc and snowflake-jdbc-fips since version 3.14.4 (we are using in tests version 1.21)