pom.xml line 20 pins junit:junit:4.11. This version is affected by CVE-2020-15250: TemporaryFolder creates files with world-readable permissions on Unix, allowing local information disclosure. Bump to 4.13.2 for a one-line fix, or migrate to JUnit Jupiter 5.x. Test scope limits exposure to CI environments but it will surface in any dependency scan.
pom.xmlline 20 pinsjunit:junit:4.11. This version is affected by CVE-2020-15250:TemporaryFoldercreates files with world-readable permissions on Unix, allowing local information disclosure. Bump to4.13.2for a one-line fix, or migrate to JUnit Jupiter 5.x. Test scope limits exposure to CI environments but it will surface in any dependency scan.