Transitive vulnerable dependency
palhoye opened this issue
Pål Høye commented
Checkmarx reports the following transitive vulnerability via Gradle for "io.zonky.test:embedded-database-spring-test:2.5.0":
Provides transitive vulnerable dependency maven:org.apache.commons:commons-compress:1.24.0
- CVE-2024-26308 7.5 Allocation of Resources Without Limits or Throttling vulnerability with High severity found
- CVE-2024-25710 5.5 Loop with Unreachable Exit Condition ("Infinite Loop") vulnerability with Medium severity found
Tomáš Vaněk commented
Thank you for the report. The fix has just been merged into the affected library here: zonkyio/embedded-postgres#128