[BUILD-1024] DoS vulnerability in hutool-json v5.8.10 Created: 27/Feb/23 Updated: 02/Mar/23 Resolved: 01/Mar/23 |
|
| Status: | Closed |
| Project: | Build |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Task | Priority: | Neutral |
| Reporter: | Maxime Michel | Assignee: | Maxime Michel |
| Resolution: | Not an issue | Votes: | 0 |
| Labels: | security | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Template: |
|
| Acceptance criteria: |
Empty
|
| Task DoR: |
Empty
|
| Date of First Response: | |
| Team: |
| Description |
|
Even though all builds from legacy 5.7 to magnolia-cloud picked up on the CVE, in the end I found the affected hutool-json v5.8.10 nowhere in our dependency tree. Hence, I've suppressed it. |
| Comments |
| Comment by Federico Grilli [ 01/Mar/23 ] |
|
Agree, this looks like a mismatch |