This repository was archived by the owner on Oct 29, 2024. It is now read-only.
CVEs in the execution path imported by dependencies #337
Open
Description
Your project is using some dependencies with CVEs. I found that the buggy methods of the CVEs are in the program execution path of your project, which puts your project at risk. I suggest a version update to increase the security of your project. Details are listed below:
- Vulnerable Dependency: org.apache.httpcomponents : httpclient : 4.3
- Call Chain to Buggy Methods:
  - Some files in your project call the library method org.apache.http.impl.client.HttpClientBuilder.build(), which can reach the buggy method of CVE-2013-4366.
    - Files in your project: src/main/java/com/uber/jenkins/phabricator/conduit/ConduitAPIClient.java
    - One of the possible call chains: org.apache.http.impl.client.HttpClientBuilder.build() [buggy method]
- Update suggestion: version 4.5.11
  4.5.11 is a safe version without CVEs. From 4.3 to 4.5.11, 2 of the APIs (called 3 times in your project) were modified.