KAFKA-14994: jose4j is vulnerable to CVE- Improper Cryptographic Algorithm #13717
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Upgraded jose4j to remove vulnerability,
CVE-Improper Cryptographic Algorithm
Severity: HIGH
CVSS: 7.1
Disclosure Date: 07 Feb 2023 19:00PM EST
Vulnerability Info: https://sca.analysiscenter.veracode.com/vulnerability-database/vulnerabilities/40398
Current version in use: 0.7.9
Latest version with the fix(in pr): 0.9.3