JFlex depends on unsafe ant@1.7.0 #294

Closed
@regisd

Description

There is a dependency de.jflex:jflex@1.6.1 → org.apache.ant:ant@1.7.0
ant@1.7.0 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEANT-30510

Labels

security: Security vulnerabilities
