[
https://issues.apache.org/jira/browse/CASSANDRA-18922?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17777494#comment-17777494
]
Brandon Williams commented on CASSANDRA-18922:
----------------------------------------------
This ticket is for the CVE against the driver so that will need to be handled
there, and then presumably we would upgrade to that fixed version here. Only
5.0 and trunk are showing this in 'ant dependency-check' which runs OWASP.
> cassandra-driver-core-3.11.5 vulnerability: CVE-2023-4586
> ---------------------------------------------------------
>
> Key: CASSANDRA-18922
> URL: https://issues.apache.org/jira/browse/CASSANDRA-18922
> Project: Cassandra
> Issue Type: Bug
> Components: Dependencies
> Reporter: Brandon Williams
> Assignee: Brandon Williams
> Priority: Normal
> Fix For: 5.0.x, 5.x
>
>
> This is failing OWASP: https://nvd.nist.gov/vuln/detail/CVE-2023-4586
> but appears to be a false positive.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
