OWASP vulnerabilities are raised in module two-providers
damiendsl opened this issue
When adding
<plugin>
    <groupId>org.owasp</groupId>
    <artifactId>dependency-check-maven</artifactId>
    <version>6.0.3</version>
    <configuration>
        <failBuildOnCVSS>8</failBuildOnCVSS>
        <skip>false</skip>
    </configuration>
    <executions>
        <execution>
            <phase>validate</phase>
            <goals>
                <goal>check</goal>
            </goals>
        </execution>
    </executions>
</plugin>
in module two-providers, some validation errors are raised (on a mvn clean install):
[ERROR] nimbus-jose-jwt-7.8.jar: CVE-2019-17195
[ERROR] spring-security-core-5.2.1.RELEASE.jar: CVE-2018-1258, CVE-2020-5407
[ERROR] spring-security-oauth2-core-5.2.1.RELEASE.jar: CVE-2018-1258, CVE-2020-5407
[ERROR] tomcat-embed-core-9.0.29.jar: CVE-2020-1938
[ERROR] tomcat-embed-websocket-9.0.29.jar: CVE-2020-1938, CVE-2020-8022
I have no idea how to fix CVE-2018-1258 in particular.