Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Provides transitive vulnerable dependency maven:org.apache.commons:commons-text:1.9 #541

Open
1 task done
liming1010 opened this issue Nov 30, 2023 · 1 comment
Open
1 task done
Labels
dependencies Pull requests that update a dependency file security

Comments

@liming1010
Copy link

Bug Type (问题类型)

rest-api (结果不合预期)

Before submit

  • 我已经确认现有的 IssuesFAQ 中没有相同 / 重复问题 (I have confirmed and searched that there are no similar problems in the historical issue and documents)

Environment (环境信息)

版本1.0

Expected & Actual behavior (期望与实际表现)

<dependency>
            <groupId>org.apache.hugegraph</groupId>
            <artifactId>hugegraph-client</artifactId>
            <version>1.0.0</version>
        </dependency>

这个版本提示

Provides transitive vulnerable dependency maven:org.apache.commons:commons-text:1.9
CVE-2022-42889 9.8 Improper Control of Generation of Code ('Code Injection') vulnerability

经过查询,是个洞

Vertex/Edge example (问题点 / 边数据举例)

No response

Schema [VertexLabel, EdgeLabel, IndexLabel] (元数据结构)

No response

@liming1010 liming1010 added the bug Something isn't working label Nov 30, 2023
@imbajin imbajin transferred this issue from apache/incubator-hugegraph Nov 30, 2023
@imbajin
Copy link
Member

imbajin commented Nov 30, 2023

Thanks for your report, maybe they need update in https://github.com/apache/incubator-hugegraph-commons ?

BTW, I help u to transfer the issue to here(toolchain)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file security
Projects
None yet
Development

No branches or pull requests

2 participants