Hi,
First of all thank you for all the work and effort put on this project, much appreciated.
The package commons-beanutils version 1.9.2 has been tagged with CVE-2019-10086.
I leave you some references:
https://nvd.nist.gov/vuln/detail/CVE-2019-10086
https://snyk.io/vuln/SNYK-JAVA-COMMONSBEANUTILS-460111
This is a transitive dependency from commons-validator, and there is no date for fix release from the Apache team.
Could you consider setting the commons-beanutils version to 1.9.4 as this version fixes the vulnerability?
Thanks in advance,
Regards.
Hi,
First of all thank you for all the work and effort put on this project, much appreciated.
The package commons-beanutils version 1.9.2 has been tagged with CVE-2019-10086.
I leave you some references:
https://nvd.nist.gov/vuln/detail/CVE-2019-10086
https://snyk.io/vuln/SNYK-JAVA-COMMONSBEANUTILS-460111
This is a transitive dependency from commons-validator, and there is no date for fix release from the Apache team.
Could you consider setting the commons-beanutils version to 1.9.4 as this version fixes the vulnerability?
Thanks in advance,
Regards.