Skip to content

Vulnerabilities detected against dsbulk 1.11.0  #497

New issue
New issue
Open
#515
Open
Vulnerabilities detected against dsbulk 1.11.0 #497
#515
Assignees
absurdfarce
Milestone
1.11.1
@alberto-bortolan

Description

@alberto-bortolan
alberto-bortolan
opened on Jul 10, 2024

The following vulnerabilities have been reported against dsbulk 1.11 from "Open Source Scanning in Visual Studio Team Services".
It would be desirable if as many as possible are resolved.

CVE-2019-10202 snyk Score: 9.8 org.codehaus.jackson:jackson-core-asl
Recommendation: Fix unavailable

CVE-2022-42889 Score: 9.8 org.apache.commons:commons-text
Recommendation: Upgrade to 1.10.0

CVE-2023-6378 Score: 7.5 ch.qos.logback:logback-classic
Recommendation: Upgrade to 1.2.13

CVE-2023-6481 Score: 7.5 ch.qos.logback:logback-core
Recommendation : Upgrade to 1.2.13

CVE-2023-34455 Score: 7.5 org.xerial.snappy:snappy-java
Recommendation: Upgrade to 1.1.10.4

CVE-2023-34453 Score: 7.5 org.xerial.snappy:snappy-java
Recommendation: Upgrade to 1.1.10.4

CVE-2022-42003 Score: 7.5 com.fasterxml.jackson.core:jackson-databind
Recommendation: Upgrade to 2.13.4.redhat-00002

CVE-2022-42004 Score: 7.5 com.fasterxml.jackson.core:jackson-databind
Recommendation : Upgrade to 2.13.4.redhat-00002

CVE-2022-45688 Score: 7.5 org.json:json
Recommendation : Upgrade to 20231013

CVE-2023-5072 Score: 7.5 org.json:json
Recommendation : Upgrade to 20231013

CVE-2023-34454 Score: 5.9 org.xerial.snappy:snappy-java
Recommendation: Upgrade to 1.1.10.4

CVE-2024-26308 Score: 5.5 org.apache.commons:commons-compress
Recommendation: Upgrade to 1.26.0

CVE-2024-25710 Score: 5.5 org.apache.commons:commons-compress
Recommendation: Upgrade to 1.26.0

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions