spotbugs / spotbugs

SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

Home Page: https://spotbugs.github.io/

[Security] bcel 6.5.0 has a critical vulnerability

patrickuhlmann opened this issue

SpotBugs 4.7.3 is using org.apache.bcel:bcel:6.5.0.

The OWASP dependency-check fails the build of my project due to a critical vulnerability present in that library. See here for details: https://nvd.nist.gov/vuln/detail/CVE-2022-42920

Please update bcel to a higher version.

Thanks for opening your first issue here! 😃
Please check our contributing guideline. Especially when you report a problem, make sure you share a Minimal, Complete, and Verifiable example to reproduce it in this issue.

Duplicate of #2251