[Backport 2.15] Fix notifications listener leak in threat intel monitor (#1363) · opensearch-project/security-analytics@dfb94d0

Security Report

1 new vulnerabilities were introduced in this branch.

❌ New vulnerabilities:

CVE	Severity	CVSS Score	Vulnerable Library	Suggested Fix	Issue
CVE-2024-7254 Path to dependency file: /build.gradle Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.google.protobuf/protobuf-java/3.22.3/fdee98b8f6abab73f146a4edb4c09e56f8278d03/protobuf-java-3.22.3.jar Dependency Hierarchy: -> opensearch-2.15.1-SNAPSHOT.jar (Root Library) -> ❌ protobuf-java-3.22.3.jar (Vulnerable Library)	High	7.5	protobuf-java-3.22.3.jar	Upgrade to version: com.google.protobuf:protobuf-javalite - 3.25.5,4.28.2,4.27.5;com.google.protobuf:protobuf-java - 4.27.5,3.25.5,4.28.2	None

Base branch total remaining vulnerabilities: 0
Base branch commit: 5341174d905030f83a70186761c946056ce8352f

Total libraries scanned: 124

Scan token: 72ee31066dbd4c92a5bca3895835d912

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security Report

Re-running checks...

[Backport 2.15] Fix notifications listener leak in threat intel monit…

Security Report

Re-running checks...