[BUILD-1024] DoS vulnerability in hutool-json v5.8.10 Created: 27/Feb/23  Updated: 02/Mar/23  Resolved: 01/Mar/23

Status: Closed
Project: Build
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Neutral
Reporter: Maxime Michel Assignee: Maxime Michel
Resolution: Not an issue Votes: 0
Labels: security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Template:
Acceptance criteria:
Empty
Task DoR:
Empty
Date of First Response:
Team: Foundation

 Description   

Even though all builds from legacy 5.7 to magnolia-cloud picked up on the CVE, in the end I found the affected hutool-json v5.8.10 nowhere in our dependency tree. Hence, I've suppressed it.



 Comments   
Comment by Federico Grilli [ 01/Mar/23 ]

Agree, this looks like a mismatch  

Generated at Sun Feb 11 23:47:26 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.