dakshay4 opened a new issue, #6185:
URL: https://github.com/apache/incubator-kie-drools/issues/6185

   Hi Drools Team,
   
   There is a transitive vulnerability in `org.drools:drools-decisiontables:jar:9.44.0.Final` due to `org.mvel:mvel2:jar:2.5.0.Final:compile`.
   
   Meanwhile, I checked the commit https://github.com/kiegroup/drools/commit/cb046fb6a0667b7ff63e0a0abf15b19035dd00bf
   It is updated in the repo, and not present in the latest jar of org.drools:drools-decisiontables, i.e. 9.44.0.Final
   
   > _Dependency tree in our application -_
   
   
   <img width="665" alt="Screenshot 2024-12-05 at 11 16 40 AM" src="https://github.com/user-attachments/assets/53c18ed4-0edd-4d95-8ed3-9fc89995d2f3">
   
   
   
   
   > _Dependency present in the drools repo-_
   
   
   ![Screenshot 2024-12-05 at 10 36 56 AM](https://github.com/user-attachments/assets/604e1bcc-13f9-4afb-9fbd-dcc7ee11c79c)
   
   This is creating a vulnerability in our application.
   
   It is requested to please upload the jar with mvel2 version >=2.5.1.Final
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@kie.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
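
A check for the situation reported above, as an added example that is not part of the original issue or the Drools project: it parses `mvn dependency:tree` text output and reports every path that pulls in `org.mvel:mvel2` below 2.5.1.Final. The sample tree, `com.example:app` and the function names are constructed for illustration, and version qualifiers such as `.Final` are ignored in the comparison.

```python
import re

TARGET = "org.mvel:mvel2"
MIN_FIXED = (2, 5, 1)  # from the issue: mvel2 >= 2.5.1.Final

# Constructed `mvn dependency:tree` output; com.example:app is hypothetical.
SAMPLE_TREE = r"""
[INFO] com.example:app:jar:1.0.0
[INFO] +- org.drools:drools-decisiontables:jar:9.44.0.Final:compile
[INFO] |  \- org.mvel:mvel2:jar:2.5.0.Final:compile
[INFO] \- org.slf4j:slf4j-api:jar:2.0.9:compile
"""

# Optional "[INFO] " prefix, tree-drawing indent, then a 4 to 6 part coordinate.
LINE = re.compile(
    r"^(?:\[INFO\] )?(?P<indent>[|+\\\- ]*)(?P<coord>[^\s:]+(?::[^\s:]+){3,5})"
)


def version_tuple(version):
    """Leading numeric components only; qualifiers like '.Final' are ignored."""
    nums = [int(n) for n in re.findall(r"\d+", version)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def find_outdated(tree_text, target=TARGET, minimum=MIN_FIXED):
    """Return (version, path) for each occurrence of target below minimum."""
    stack, findings = [], []
    for raw in tree_text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue  # banner lines, blank lines, build summary
        parts = m.group("coord").split(":")
        # group:artifact:type[:classifier]:version[:scope]
        version = parts[4] if len(parts) == 6 else parts[3]
        depth = len(m.group("indent")) // 3  # each tree level is 3 characters
        stack = stack[:depth] + [f"{parts[0]}:{parts[1]}:{version}"]
        if f"{parts[0]}:{parts[1]}" == target and version_tuple(version) < minimum:
            findings.append((version, " -> ".join(stack)))
    return findings


if __name__ == "__main__":
    for version, path in find_outdated(SAMPLE_TREE):
        print(f"{TARGET} {version} is below the fixed version: {path}")
```
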

