Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security vulnerability version 4.0.1 #3256

Closed
luiseps opened this issue Sep 8, 2023 · 0 comments
Closed

Security vulnerability version 4.0.1 #3256

luiseps opened this issue Sep 8, 2023 · 0 comments
Labels
can't-fix We don't know how to do this at the moment

Comments

@luiseps
Copy link

luiseps commented Sep 8, 2023

What happened?

Provides transitive vulnerable dependency maven:commons-collections:commons-collections:3.2.2

Cx78f40514-81ff 7.5 Uncontrolled Recursion vulnerability pending CVSS allocation
Cx78f40514-81ff 7.5 Uncontrolled Recursion vulnerability pending CVSS allocation

Results powered by Checkmarx(c)

What did you expect to happen?

No response

Serenity BDD version

4.0.1

JDK version

11

Execution environment

No response

How to reproduce the bug.

It's shown in the checkmarx plugin for IntelliJ

How can we make it happen?

Add it to the Serenity BDD backlog and wait for a volunteer to pick it up
wakaleo added a commit that referenced this issue Sep 8, 2023
@wakaleo
Removed direct dependencies from commons-collections libraries to avo…
87ea527 
…id a security vunerability (see #3256). The transitive dependency persists for serenity-bitbar, which is beyond our control
@wakaleo wakaleo added the can't-fix We don't know how to do this at the moment label Sep 13, 2023
@wakaleo wakaleo closed this as completed Sep 13, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
can't-fix We don't know how to do this at the moment
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@wakaleo @luiseps