Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Patch apache-curator and snappy-java #1496

Closed
MichaelsJP opened this issue Jul 13, 2023 · 0 comments · Fixed by #1497
Closed

Patch apache-curator and snappy-java #1496

MichaelsJP opened this issue Jul 13, 2023 · 0 comments · Fixed by #1497
Assignees
Labels
security 🚨 Security-related issues

Comments

@MichaelsJP
Copy link
Member

Scope

pom.xml

Report Link

https://security.snyk.io/vuln/SNYK-JAVA-ORGXERIALSNAPPY-5710960

Dependency affected

apache-curator

Proposed solution / further info

Apache-curator has the snappy-java dependency. The main package isn't updated yet but we can push the deps version of snappy-java to remove the following CVEs:

snappy-java 1.1.7 1.1.10.1 java-archive GHSA-fjpj-2g6w-x25r Medium
snappy-java 1.1.7 1.1.10.1 java-archive GHSA-pqr6-cmr2-h8hf Medium
snappy-java 1.1.7 1.1.10.1 java-archive GHSA-qcwq-55hx-v3vh High

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
security 🚨 Security-related issues
Projects
None yet
1 participant