Vulnerability Fixing and POM Reorganization
Fix: Resolve vulnerabilities in pom.xml
This PR addresses vulnerabilities in multiple libraries, including critical and high-severity issues. Below is the delta of vulnerabilities that were present in the previous scan but have been resolved in the current state.
Resolved Vulnerabilities:

- `com.azure:azure-identity`
  - Vulnerability: CVE-2024-35255
  - Severity: Medium
  - Issue: Azure Identity Libraries Elevation of Privilege Vulnerability.
  - Resolution: Upgraded from `1.11.2` to `1.12.2`.
- `com.nimbusds:nimbus-jose-jwt`
  - Vulnerability: CVE-2023-52428
  - Severity: High
  - Issue: Large JWE `p2c` header value causes Denial of Service.
  - Resolution: Upgraded from `9.30.2` to `9.37.2`.
- `org.asynchttpclient:async-http-client`
  - Vulnerability: CVE-2024-53990
  - Severity: Critical
  - Issue: `CookieStore` replaces explicitly defined cookies, leading to potential security issues.
  - Resolution: Upgraded from `2.12.1` to `2.12.4`.
- `io.lettuce:lettuce-core`
  - Vulnerability: GHSA-q4h9-7rxj-7gx2
  - Severity: Medium
  - Issue: Netty vulnerability included in Redis Lettuce.
  - Resolution: Upgraded from `6.3.2.RELEASE` to `6.5.1.RELEASE`.
By upgrading these libraries to their secure versions, this PR significantly improves the project's security posture by mitigating critical and high-risk vulnerabilities. Please review and approve.
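As an added example (not code from this PR or the project), the following Python script checks a `pom.xml` against the minimum fixed versions listed above, so a reviewer can verify that no declared dependency, including one whose version comes from a `<properties>` placeholder, is still below the upgraded version. The sample `pom.xml` is constructed for the demonstration and does not represent the project's real file; version ordering is a simplified numeric/qualifier comparison, not Maven's full `ComparableVersion` rules.

```python
import re
import xml.etree.ElementTree as ET

# Minimum fixed versions, taken from the PR description (groupId:artifactId -> version).
FIXED_VERSIONS = {
    "com.azure:azure-identity": "1.12.2",
    "com.nimbusds:nimbus-jose-jwt": "9.37.2",
    "org.asynchttpclient:async-http-client": "2.12.4",
    "io.lettuce:lettuce-core": "6.5.1.RELEASE",
}

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed sample pom.xml (hypothetical; not the project's real file).
# Three of the four tracked libraries are still at their pre-fix versions,
# and lettuce-core takes its version from a property placeholder.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>example</groupId>
  <artifactId>demo</artifactId>
  <version>1.0.0</version>
  <properties>
    <lettuce.version>6.3.2.RELEASE</lettuce.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>com.azure</groupId>
      <artifactId>azure-identity</artifactId>
      <version>1.11.2</version>
    </dependency>
    <dependency>
      <groupId>com.nimbusds</groupId>
      <artifactId>nimbus-jose-jwt</artifactId>
      <version>9.37.2</version>
    </dependency>
    <dependency>
      <groupId>org.asynchttpclient</groupId>
      <artifactId>async-http-client</artifactId>
      <version>2.12.1</version>
    </dependency>
    <dependency>
      <groupId>io.lettuce</groupId>
      <artifactId>lettuce-core</artifactId>
      <version>${lettuce.version}</version>
    </dependency>
  </dependencies>
</project>
"""


def version_key(version):
    """Split '6.3.2.RELEASE' into comparable tokens: numbers compare numerically,
    qualifiers compare as lowercase strings and sort below numbers.
    Simplified ordering, not Maven's full ComparableVersion."""
    key = []
    for tok in re.split(r"[.\-]", version.strip()):
        if tok.isdigit():
            key.append((1, int(tok)))
        else:
            key.append((0, tok.lower()))
    return key


def _resolve(value, props):
    """Resolve a '${name}' placeholder against the POM's <properties>."""
    m = re.fullmatch(r"\$\{([^}]+)\}", value.strip())
    return props.get(m.group(1), value.strip()) if m else value.strip()


def find_outdated(pom_xml, minimums=FIXED_VERSIONS):
    """Return {coordinate: (declared_version, required_version)} for every tracked
    dependency whose declared version is below the fixed version."""
    root = ET.fromstring(pom_xml)
    props = {}
    props_el = root.find("m:properties", NS)
    if props_el is not None:
        for p in props_el:
            props[p.tag.split("}")[-1]] = (p.text or "").strip()

    outdated = {}
    for dep in root.iter(f"{{{NS['m']}}}dependency"):
        group = dep.findtext("m:groupId", default="", namespaces=NS).strip()
        artifact = dep.findtext("m:artifactId", default="", namespaces=NS).strip()
        declared = dep.findtext("m:version", namespaces=NS)
        coord = f"{group}:{artifact}"
        # Skip libraries we are not tracking, and dependencies whose version is
        # managed elsewhere (parent POM or imported BOM) and so cannot be checked here.
        if coord not in minimums or declared is None:
            continue
        current = _resolve(declared, props)
        required = minimums[coord]
        if version_key(current) < version_key(required):
            outdated[coord] = (current, required)
    return outdated


if __name__ == "__main__":
    for coord, (current, required) in find_outdated(SAMPLE_POM).items():
        print(f"{coord}: {current} is below fixed version {required}")
```

Running it against the constructed sample reports `azure-identity`, `async-http-client` and `lettuce-core` as still below the fixed versions, while `nimbus-jose-jwt` at `9.37.2` passes. Dependencies without an explicit `<version>` are skipped rather than passed, so a version inherited from a parent or BOM still needs to be checked at that level.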