Vulnerable shared library might make Frankenstein vulnerable. Can you help upgrade to patch versions? #8
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Hi, @olir ,I'd like to report a vulnerability issue in de.serviceflow.frankenstein.plugin.jogamp:distribution_0.3.6.
Issue Description
de.serviceflow.frankenstein.plugin.jogamp:distribution_0.3.6 directly or transitively depends on 26 C libraries (.so) cross many platforms(such as x86-64, x86, arm64, armhf). However, I noticed that one C libraries is vulnerable, containing the following CVEs:
libopencv_java320.sofrom C project opencv(version:3.2.0) exposed 18 vulnerabilities:CVE-2019-15939, CVE-2019-14491, CVE-2019-14493, CVE-2019-14492, CVE-2017-1000450, CVE-2017-12863, CVE-2017-12862, CVE-2017-12864, CVE-2017-12604, CVE-2017-12597, CVE-2017-12606, CVE-2017-12605, CVE-2017-12598, CVE-2017-12600, CVE-2017-12599, CVE-2017-12602, CVE-2017-12601, CVE-2017-12603
Suggested Vulnerability Patch Versions
opencv has fixed the vulnerabilities in versions >=4.2.0
Java build tools cannot report vulnerable C libraries, which may induce potential security issues to many downstream Java projects.
Could you please upgrade the above shared libraries to their patch versions?
Thanks for your help~
Best regards,
Helen Parr
The text was updated successfully, but these errors were encountered: