[
https://issues.apache.org/jira/browse/MSHARED-1133?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sylwester Lachiewicz updated MSHARED-1133:
------------------------------------------
Description:
fixes bellow reported issues in tests
Provides transitive vulnerable dependency xerces:xercesImpl:2.6.2
CVE-2012-0881 7.5 Vulnerability with medium severity found
CVE-2018-2799 5.3 Uncontrolled Resource Consumption vulnerability pending CVSS
allocation
CVE-2013-4002 7.1 Uncontrolled Resource Consumption vulnerability pending CVSS
allocation
CVE-2020-14338 5.3 Improper Input Validation vulnerability pending CVSS
allocation
CVE-2009-2625 5.0 Vulnerability with medium severity found
CVE-2017-10355 5.3 Uncontrolled Resource Consumption vulnerability pending CVSS
allocation
CVE-2022-23437 6.5 XML Injection (aka Blind XPath Injection) vulnerability
pending CVSS allocation
Results powered by Checkmarx(c)
> Drop dependency to junit-addons
> -------------------------------
>
> Key: MSHARED-1133
> URL: https://issues.apache.org/jira/browse/MSHARED-1133
> Project: Maven Shared Components
> Issue Type: Dependency upgrade
> Components: maven-reporting-impl
> Reporter: Sylwester Lachiewicz
> Priority: Minor
>
> fixes bellow reported issues in tests
> Provides transitive vulnerable dependency xerces:xercesImpl:2.6.2
> CVE-2012-0881 7.5 Vulnerability with medium severity found
> CVE-2018-2799 5.3 Uncontrolled Resource Consumption vulnerability pending
> CVSS allocation
> CVE-2013-4002 7.1 Uncontrolled Resource Consumption vulnerability pending
> CVSS allocation
> CVE-2020-14338 5.3 Improper Input Validation vulnerability pending CVSS
> allocation
> CVE-2009-2625 5.0 Vulnerability with medium severity found
> CVE-2017-10355 5.3 Uncontrolled Resource Consumption vulnerability pending
> CVSS allocation
> CVE-2022-23437 6.5 XML Injection (aka Blind XPath Injection) vulnerability
> pending CVSS allocation
> Results powered by Checkmarx(c)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
