[BUG] security vulnerabilities in libraries #241

Open
Lastaapps opened this issue May 28, 2024 · 1 comment
@Lastaapps

Describe the bug
Hi, I just included version 1.3.0-alpha.2 of skrape.it in my project, and IntelliJ reports that the package depends on vulnerable versions of quite a few libraries. When I try version 1.2.2, it's the same. I don't say that users of this library are directly vulnerable, but it's suspicious at least. All the vulnerabilities have quite a high score, so it would make sense to make a 1.2.3 release with just these libs bumped. Thanks for the great project!

[Image: all the vulnerabilities reported by IntelliJ]

Lastaapps added the bug label May 28, 2024
@Lastaapps
Author

A potential fix for anyone reading this is to just update the libraries on your side; this should be safe.

    implementation("ch.qos.logback:logback-core:1.4.12")
    implementation("ch.qos.logback:logback-classic:1.4.12")
    implementation("commons-net:commons-net:3.9.0")
    implementation("org.apache.commons:commons-text:1.10.0")
    implementation("org.jsoup:jsoup:1.15.3")
    implementation("xalan:xalan:2.7.3")
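
As an added example (not part of the thread and not skrape.it's own build file), the same version floors can be written as Gradle dependency constraints, which raise the transitive versions without turning each library into a direct dependency of your project. The `it.skrape:skrapeit` coordinates are an assumption; the versions are the ones listed in the comment above.

```kotlin
// build.gradle.kts of the consuming project (added example, not from the skrape.it repository)
dependencies {
    // Assumed Maven coordinates for skrape.it; the version is one named in the issue.
    implementation("it.skrape:skrapeit:1.2.2")

    // A constraint only takes effect if the module is already in the dependency graph,
    // so nothing is added to the classpath that skrape.it does not pull in itself.
    // Gradle resolves to the highest requested version, so each entry acts as a floor.
    constraints {
        implementation("ch.qos.logback:logback-core:1.4.12") {
            because("version floor from the issue comment; transitive via skrape.it")
        }
        implementation("ch.qos.logback:logback-classic:1.4.12") {
            because("version floor from the issue comment; transitive via skrape.it")
        }
        implementation("commons-net:commons-net:3.9.0") {
            because("version floor from the issue comment; transitive via skrape.it")
        }
        implementation("org.apache.commons:commons-text:1.10.0") {
            because("version floor from the issue comment; transitive via skrape.it")
        }
        implementation("org.jsoup:jsoup:1.15.3") {
            because("version floor from the issue comment; transitive via skrape.it")
        }
        implementation("xalan:xalan:2.7.3") {
            because("version floor from the issue comment; transitive via skrape.it")
        }
    }
}

// Check what was actually resolved, and why, for each module, for example:
//   ./gradlew dependencyInsight --dependency logback-core --configuration runtimeClasspath
// The output shows the selected version and the "because" reason of the constraint that raised it.
```

Run the `dependencyInsight` check for each of the six modules after every skrape.it upgrade, and drop a constraint once the library itself ships a version at or above the floor.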
