Java SDK vulnerabilities in 12.1 #1162
Description
Four vulnerabilities found in the latest Java SDK 1.12.1.
| SDK sub component | module | cvssScore | version | Fixed in | link to CVE |
|---|---|---|---|---|---|
| dapr-sdk-autogen | com.google.protobuf:protobuf-java | 8.7 (high) | 3.25.0 | 3.25.5;4.27.5;4.28.2 | Snyk CVE-2024-7254 |
| dapr-sdk | com.squareup.okhttp3:okhttp | 4.8 (med) | 4.9.0 | 4.9.2 | SnykCVE-2023-0833 |
| dapr-sdk | org.jetbrains.kotlin:kotlin-stdlib | 5.3 (med) | 1.4.10 | 1.6.0 | Snyk CVE-2022-24329 |
| dapr-sdk | org.jetbrains.kotlin:kotlin-stdlib | 3.3 (low) | 1.9.10 | 2.1.0 | Snyk CVE-2020-29582 |