json-patch-1.13.jar: CVE-2021-4279(9.8) #144

@dmitry-weirdo

The dependency check is now failing on json-patch:

```
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.4.3:check (default-cli) on project ins-app:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '8.0':
[ERROR]
[ERROR] json-patch-1.13.jar: CVE-2021-4279(9.8)
```

CVE is https://nvd.nist.gov/vuln/detail/CVE-2021-4279

The fix PR is probably here (Starcounter-Jack/JSON-Patch@7ad6af4). But it is another repository?

Although this library version is pretty old, I found this CVE as a dependency of io.swagger.parser.v3:swagger-parser:jar:2.1.7, see swagger-api/swagger-parser#1867.
