Spring Cloud Contract 4.2.0 brings a dependency which contains a vulnerability. #2150

Open
alexisgayte opened this issue Jan 21, 2025 · 1 comment

@alexisgayte

Version 4.2.0 and under.

The lib is pulled from spring-cloud-contract-verifier:

com.rackspace.eclipse.webtools.sourceediting:org.eclipse.wst.xml.xpath2.processor

(https://mvnrepository.com/artifact/com.rackspace.eclipse.webtools.sourceediting/org.eclipse.wst.xml.xpath2.processor/2.1.100)

alexisgayte changed the title from "spring cloud contract 4.2.0 bring dependency containing vulnerability." to "spring cloud contract 4.2.0 bring a dependency which contain vulnerability." on Jan 21, 2025

marcingrzejszczak marked this as a duplicate of #2151 on Jan 21, 2025

@alexisgayte
Author

Vulnerabilities from dependencies:
CVE-2022-23437
CVE-2020-14338
CVE-2013-4002
CVE-2012-0881
