Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[🐸 Frogbot] Update version of org.bouncycastle:bcpkix-jdk18on to 1.78 #938

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

github-actions[bot]
Copy link

🚨 This automated pull request was created by Frogbot and fixes the below:

📦 Vulnerable Dependencies

✍️ Summary

SEVERITY CONTEXTUAL ANALYSIS DIRECT DEPENDENCIES IMPACTED DEPENDENCY FIXED VERSIONS CVES

Medium
Not Applicable org.mock-server:mockserver-netty:5.14.0 org.bouncycastle:bcpkix-jdk18on 1.77 [1.78] CVE-2024-30171

🔬 Research Details

Description:
An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.


Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant