Affects PMD Version:
7.0.0-rc3
Description:
Hello PMD team. We scanned the PMD source code with Snyk and another system, and it reported 2 critical and 1 high CVEs.
Also, these vulnerabilities block deployment and creating Docker images and other servers:
Vulnerable Library: scala-reflect-2.13.3.jar (/dist/pmd-bin/lib/scala-reflect-2.13.3.jar)
Dependency Hierarchy:
Directly - ⚠️ scala-reflect-2.13.3.jar (Vulnerability Library)
Severity:
🚫 CRITICAL
CVE-2022-36944
Fixed Version:
♻️ scala-reflect-2.13.9.jar
Vulnerable Library: scala-reflect-2.13.3.jar (/dist/pmd-bin/lib/scala-reflect-2.13.3.jar)
Dependency Hierarchy:
Directly - ⚠️ scala-reflect-2.13.3.jar (Vulnerability Library)
Severity:
🚫 CRITICAL
VULNDB-298991
Fixed Version:
♻️ scala-reflect-2.13.9.jar
Vulnerable Library: commons-io (/dist/pmd-bin/lib/pmd-ui-7.0.0-rc1.jar:commons-io)
Dependency Hierarchy:
- ⚠️ pmd-ui-7.0.0-rc1.jar (Root Library)
- ⚠️ commons-io (Vulnerability Library)
Severity:
🚫 HIGH
VULNDB-239195
Fixed Version:
♻️ commons-io-2.8.0.jar