Owasp scan still reflects vulnerability for CVE-2020-26945 when mybatis 3.5.6 is used. #2982
Comments
|
Likely a false positive. Please see: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
and others
Don't know if this is the correct channel post for CVE-2020-26945 that was flag by Owasp scan.
Recently we did a OWASP scan on the libs for my project and a vulnerability was flagged for mybatis-spring-2.0.5.jar on CVE-2020-26945 to use mybatis-3.5.6.
Thus I have up only mybatis to 3.5.6 with mybatis-spring-2.0.5 and did another owasp scan. The vulnerability is still being reported.
Thinking maybe I need to up mybatis-spring to 2.0.6 wth 3.5.6 and did another scan. The vulnerability is still being reported. Is there issue with the dependency?
The fact that synk seems to show its correct here https://snyk.io/vuln/SNYK-JAVA-ORGMYBATIS-1017032
For expert advice. Thanks alot.
Best Regards,
Taroace22
The text was updated successfully, but these errors were encountered: