Skip to content

Fix s360 vulnerabilities for package and dependencies (Guava, Spring-boot)

Christophe Mongin requested to merge cmongin/fix-vuln-0.21 into release/0.21

Guava vulnerability: "risk": HIGH, "vuln_id": 993366, "vuln_name": Java (Maven) Security Update for com.google.guava:guava (GHSA-7g45-4rm6-3mm3), "cve": [CVE-2023-2976,http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2976],

Spring boot vulnerabilities: "VulnerabilityId": 996097, "VulnerabilityName": Java (Maven) Security Update for io.projectreactor.netty:reactor-netty-http (GHSA-q24v-hpg3-v3jp), "CVEs": [CVE-2023-34054,http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34054]

"VulnerabilityId": 995953, "VulnerabilityName": Java (Maven) Security Update for io.projectreactor.netty:reactor-netty-http (GHSA-xjhv-p3fv-x24r), "CVEs": [CVE-2023-34062,http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34062]

Merge request reports

Loading