[CVE BUG] Transitive CVE is introduced via Java SDK #810
Comments
/assign @lentitude2tk
CVE-2023-3635 is caused by okio, which is included by minio-java. minio-java is imported for BulkWriter.
CVE-2023-3635 is fixed in okio 3.4.0: square/okio#1280
minio-java 8.5.7 fixed this issue by upgrading okhttp from 4.11 to 4.12: https://github.com/minio/minio-java/releases/tag/8.5.7
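An added example, not part of the original thread or the project's code: a check that walks `mvn dependency:tree` output and reports every okio artifact below 3.4.0 together with the chain that pulls it in. The tree text is constructed; the milvus and minio versions are placeholders and the okio version is a sample value, not taken from the issue.

```python
import re

FIXED = (3, 4, 0)  # okio release that fixes CVE-2023-3635, per the thread
OKIO_GROUP = "com.squareup.okio"

# Constructed `mvn dependency:tree` output. Only okhttp 4.11.0 comes from the thread;
# the other versions are placeholders or sample values.
SAMPLE_TREE = """\
[INFO] com.example:app:jar:1.0.0
[INFO] +- io.milvus:milvus-sdk-java:jar:0.0.0-placeholder:compile
[INFO] |  \\- io.minio:minio:jar:0.0.0-placeholder:compile
[INFO] |     \\- com.squareup.okhttp3:okhttp:jar:4.11.0:compile
[INFO] |        \\- com.squareup.okio:okio:jar:3.2.0:compile
[INFO] |           \\- com.squareup.okio:okio-jvm:jar:3.2.0:compile
[INFO] \\- com.example:unrelated-lib:jar:1.0.0:compile
"""

def version_tuple(version):
    """Leading numeric components, e.g. '3.2.0' -> (3, 2, 0); unparsable sorts lowest."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    return tuple(int(n) for n in m.group().split(".")) if m else ()

def find_vulnerable_okio(tree_text):
    """Return (coordinate, chain) for each okio artifact older than FIXED."""
    findings, stack = [], []
    for line in tree_text.splitlines():
        body = line.removeprefix("[INFO] ")
        m = re.search(r"[A-Za-z0-9]", body)
        if not m or body.count(":") < 3:
            continue  # plugin banners, blank lines, build summary
        depth = m.start() // 3  # the tree indents three characters per level
        parts = body[m.start():].split()[0].split(":")
        version = parts[3] if len(parts) <= 5 else parts[4]  # 6 parts: classifier present
        del stack[depth:]  # drop siblings and deeper nodes left over from earlier lines
        stack.append(f"{parts[0]}:{parts[1]}:{version}")
        if parts[0] == OKIO_GROUP and version_tuple(version) < FIXED:
            findings.append((stack[-1], list(stack)))
    return findings

if __name__ == "__main__":
    for coord, chain in find_vulnerable_okio(SAMPLE_TREE):
        print(f"{coord} < 3.4.0 via " + " -> ".join(chain))
```
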
Got a new error after upgrading minio-java to 8.5.7, not sure of the root cause.
@yhmo I'll handle it
CVE-2023-3635 7.5 Incorrect Conversion between Numeric Types vulnerability with High severity found
Today, when someone adds the milvus Java SDK, a transitive CVE is injected into the project. See below,
Version impacted,