
JUnit version used is flagged as having a CVE #1084

Closed
alangdundee opened this issue Sep 15, 2022 · 1 comment

@alangdundee

It may be a recent addition to mvnrepository (don't recall seeing previously) but projects with CVEs in their dependencies are being flagged and highlighted as having vulnerabilities, albeit not prominently if it is in a dependency.

https://mvnrepository.com/artifact/org.pitest/pitest/1.9.5

You can see info on the CVE here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15250 and it appears bumping JUnit to 4.13.1 would mitigate it.

@hcoles (Owner)

hcoles commented Jan 4, 2023

Thanks @alangdundee, this was a bit of a phantom issue as pitest sets junit to provided, so it is the end project that determines the version used rather than pitest. Fix merged in now, will be in the next release.

@hcoles hcoles closed this as completed Jan 4, 2023
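Why a `provided` dependency makes this a "phantom" finding, shown as an added example (these POM fragments are constructed for illustration; they are not pitest's own build files, and the artifact names `example-tool` and `example-app` are placeholders): a `provided` dependency is not transitive, so the scanner sees the version in the library's POM, but the classpath at the consumer's build is determined by whatever the consumer itself declares. Bumping the library to 4.13.1 clears the flag on the library's page; the consumer still has to declare a non-vulnerable JUnit to actually be protected from CVE-2020-15250.

```xml
<!-- Fragment 1: a library POM (constructed example, placeholder coordinates).
     JUnit is declared with scope "provided": it is available at compile and
     test time for this library, but it is NOT passed on transitively to
     projects that depend on the library. Declaring 4.13.1 here keeps
     dependency scanners from flagging the library's own metadata. -->
<project>
  <groupId>org.example</groupId>
  <artifactId>example-tool</artifactId>
  <version>1.0.0</version>

  <dependencies>
    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <version>4.13.1</version>   <!-- 4.13.1 is the fixed release per the CVE entry -->
      <scope>provided</scope>      <!-- not transitive: consumers choose their own JUnit -->
    </dependency>
  </dependencies>
</project>

<!-- Fragment 2: a consuming project's POM (constructed example).
     Because "provided" is not inherited, the version that actually lands on
     this project's test classpath is the one declared here. A consumer that
     still declares 4.13 (or older) remains exposed regardless of what the
     library above declares. Pinning via dependencyManagement also overrides
     any JUnit pulled in transitively from other test-scoped dependencies. -->
<project>
  <groupId>org.example</groupId>
  <artifactId>example-app</artifactId>
  <version>1.0.0</version>

  <dependencyManagement>
    <dependencies>
      <dependency>
        <groupId>junit</groupId>
        <artifactId>junit</artifactId>
        <version>4.13.1</version>  <!-- pin the fixed version for the whole build -->
      </dependency>
    </dependencies>
  </dependencyManagement>

  <dependencies>
    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <scope>test</scope>          <!-- version resolved from dependencyManagement -->
    </dependency>
    <dependency>
      <groupId>org.example</groupId>
      <artifactId>example-tool</artifactId>
      <version>1.0.0</version>
    </dependency>
  </dependencies>
</project>
```

To confirm which JUnit a consuming build really resolves, run `mvn dependency:tree -Dincludes=junit:junit` in the consumer project; the version printed there, not the one in the library's POM, is what a scanner of the consumer's build should be comparing against the CVE's fixed version.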