[Security] bcel 6.5.0 has a critical vulnerability
patrickuhlmann opened this issue
Patrick Uhlmann commented
SpotBugs 4.7.3 is using org.apache.bcel:bcel:6.5.0.
The OWASP dependency-check fails the build of my project due to a critical vulnerability present in that library. See here for details: https://nvd.nist.gov/vuln/detail/CVE-2022-42920
Please update bcel to a higher version.
welcome commented
Thanks for opening your first issue here! 😃
Please check our contributing guideline. Especially when you report a problem, make sure you share a Minimal, Complete, and Verifiable example to reproduce it in this issue.
Andrey Loskutov commented
Duplicate of #2251