Vulnerabilities in jose4j 0.9.6 dependency #3940

Closed
ntpruebas1 opened this issue Feb 22, 2025 · 1 comment
@ntpruebas1

This dependency has vulnerabilities

org.bitbucket.b_c jose4j 0.9.6

Ref: https://mvnrepository.com/artifact/org.bitbucket.b_c/jose4j/0.9.6

CVE-2024-30171
CVE-2024-29857
CVE-2023-6378
CVE-2023-33201

@brendandburns
Contributor

These appear to all be vulnerabilities in things that jose4j depends on, not vulnerabilities in jose4j itself.

For those dependencies, if you look through the versions that we depend on in our pom.xml, all of those dependencies are updated past the vulnerable version.

As far as I know, Maven only uses a single version of the library when building/compiling, so I'm pretty sure that none of these vulnerabilities apply to this library.

I'm going to close this, please add a comment with /reopen if you need further assistance.
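
One way to check, on a given build, the single-version resolution described in the comment above (an added example, not part of the thread or the project's code): parse `mvn dependency:tree -Dverbose` output, separate the versions Maven resolved from those it omitted, and flag any resolved version below a required minimum. The sample tree, the `com.example` coordinates and the minimum versions are constructed placeholders.

```python
import re

# Constructed sample of `mvn dependency:tree -Dverbose` output. The com.example
# coordinates and every version number are placeholders, not this project's tree.
SAMPLE_TREE = """\
[INFO] com.example:app:jar:1.0.0
[INFO] +- com.example:crypto-lib:jar:2.5.0:compile
[INFO] +- org.bitbucket.b_c:jose4j:jar:0.9.6:compile
[INFO] |  +- (com.example:crypto-lib:jar:2.1.0:compile - omitted for conflict with 2.5.0)
[INFO] |  \\- com.example:log-lib:jar:1.2.0:compile
"""

# Placeholder minimum fixed versions; take the real ones from each advisory.
MINIMUMS = {"com.example:crypto-lib": "2.4.0", "com.example:log-lib": "1.3.0"}

# group:artifact:type:version:scope, optionally wrapped in "( ... - omitted for ...)".
# Coordinates that carry a classifier (six fields) are not handled here.
LINE = re.compile(
    r"^\[INFO\][ |+\\-]*\(?"
    r"(?P<g>[^:\s()]+):(?P<a>[^:\s]+):(?P<type>[^:\s]+):(?P<v>[^:\s]+):(?P<scope>[^:\s)]+)"
    r"(?: - omitted for (?P<why>[^)]*)\))?"
)

def parse_tree(text):
    """Return (resolved, omitted): versions Maven put on the classpath, and
    versions requested transitively but dropped during mediation."""
    resolved, omitted = {}, []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # root artifact line, blank lines, other log output
        key = f"{m['g']}:{m['a']}"
        if m["why"]:
            omitted.append((key, m["v"], m["why"]))
        else:
            resolved[key] = m["v"]
    return resolved, omitted

def vtuple(version):
    # Simplified numeric comparison; Maven's own ordering also ranks qualifiers.
    return tuple(int(p) for p in re.findall(r"\d+", version))

def below_minimum(resolved, minimums):
    """List (artifact, resolved, required) where the resolved version is too old."""
    return [(k, resolved[k], need) for k, need in sorted(minimums.items())
            if k in resolved and vtuple(resolved[k]) < vtuple(need)]

if __name__ == "__main__":
    resolved, omitted = parse_tree(SAMPLE_TREE)
    print("omitted:", omitted)
    print("below minimum:", below_minimum(resolved, MINIMUMS))
```

An omitted entry shows that an older version was requested transitively but did not reach the classpath; the decisive check is whether the resolved version meets the advisory's fixed version.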
