CVE in openid-connect-client #1577
Comments
|
I would add some more CVE's to the @arunkumarthangavel 's list. CVE-2018-1260 This is because spring-security-oauth2 dependency is currently in 2.1.0.RELEASE: and it should be updated. |
|
Is there any update on these CVEs? Any timeline for a fix? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We scanned a project using dependency check plugin and it showed below CVEs in openid-connect-client.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27568
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8908
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14379
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27568
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17195
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1652
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1652
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1000027
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1000027
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22978
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1000027
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1000027
Is there any version available without the above CVEs?
The text was updated successfully, but these errors were encountered: