You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Update swagger-compat-spec-parser to use json-schema-validator v2.2.8 to address CVSS 3.0 level 5.4 security threat which originates from libphonenumber dependency.
Note that json-schema-validator has had a change of groudId from com.github.fge to com.github.java-json-tools. v2.2.8 uses libphonenumber v8.0.0 (threat was addressed in v7.2.3).
The libphonenumber transitive dependency results in a security alert from Nexus IQ OSS security scanning software. There is no CVE ID. Just a Sonatype problem code:
sonatype-2015-0090 - libphonenumber - A Cross Site Scripting vulnerability was found which is exploitable by manipulating the inputs. Reference:
Update swagger-compat-spec-parser to use json-schema-validator v2.2.8 to address CVSS 3.0 level 5.4 security threat which originates from libphonenumber dependency.
Note that json-schema-validator has had a change of groudId from com.github.fge to com.github.java-json-tools. v2.2.8 uses libphonenumber v8.0.0 (threat was addressed in v7.2.3).
The libphonenumber transitive dependency results in a security alert from Nexus IQ OSS security scanning software. There is no CVE ID. Just a Sonatype problem code:
sonatype-2015-0090 - libphonenumber - A Cross Site Scripting vulnerability was found which is exploitable by manipulating the inputs. Reference:
google/libphonenumber#934
The text was updated successfully, but these errors were encountered: