Unresolved CVE in v 7.13.0 #21313

Open
SB6310-Equans opened this issue May 22, 2025 · 2 comments

@SB6310-Equans

Hello,

We're using your library in one of our projects, and while resolving its vulnerabilities, it seems that the latest version available on the Maven repository does not resolve these CVEs:

[ERROR] swagger-parser-core-2.1.22.jar: CVE-2019-7238(9.8), CVE-2020-10204(7.2), CVE-2020-10199(8.8)
[ERROR] swagger-parser-safe-url-resolver-2.1.22.jar: CVE-2022-2900(9.1), CVE-2022-2216(9.8)

We're using OWASP Dependency-Check:

org.owasp:dependency-check-maven

Are those in your backlog at the moment?

Thank you.

@wing328
Member

wing328 commented May 24, 2025

just filed #21325 to update swagger parser to the latest version

@SB6310-Equans
Author

SB6310-Equans commented May 26, 2025

Thank you for this.

We actually found another one, with a much lower criticality: [ERROR] threetenbp-1.7.0.jar: CVE-2024-23082(5.3)
