Commit
dev: repository trivy warnings only megalinter config
trivy reporting CVE-2024-22871 which uses a serialisation approach described by the Clojure documentation as an unsafe practice

CVE-2024-22871 is not considered a viable vulnerability
https://ask.clojure.org/index.php/13617/security-problems-command-execution-clojure-deserialization#c13628

pom.xml (pom)
=============
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)

┌─────────────────────┬────────────────┬──────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐
│ Library             │ Vulnerability  │ Severity │ Status   │ Installed Version │ Fixed Version │ Title                                      │
├─────────────────────┼────────────────┼──────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤
│ org.clojure:clojure │ CVE-2024-22871 │ MEDIUM   │ affected │ 1.11.1            │               │ Clojure Denial of Service vulnerability    │
│                     │                │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2024-22871 │
└─────────────────────┴────────────────┴──────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘

resources/practicalli/service/root/pom.xml (pom)
================================================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)

┌─────────────────────┬────────────────┬──────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐
│ Library             │ Vulnerability  │ Severity │ Status   │ Installed Version │ Fixed Version │ Title                                      │
├─────────────────────┼────────────────┼──────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤
│ org.clojure:clojure │ CVE-2024-22871 │ MEDIUM   │ affected │ 1.11.1            │               │ Clojure Denial of Service vulnerability    │
│                     │                │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2024-22871 │
└─────────────────────┴────────────────┴──────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘