Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulernability in 4.5.8 of package: au.com.dius.pact:consumer #1720

Closed
mefellows opened this issue Oct 12, 2023 · 0 comments
Closed

Vulernability in 4.5.8 of package: au.com.dius.pact:consumer #1720

mefellows opened this issue Oct 12, 2023 · 0 comments
Labels
security Indicates a security issue or vulnerability

Comments

@mefellows
Copy link
Member

Java version: 11
Pact Version: 4.5.8

Upgrade au.com.dius.pact:[email protected] to au.com.dius.pact:[email protected] to fix
  ✗ Denial of Service (DoS) [High Severity][[https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-5488379](https://protect-us.mimecast.com/s/CDANC9rNjGfr63y4todjkO?domain=security.snyk.io)] in org.json:json@20220924
    introduced by au.com.dius.pact:[email protected] > org.json:json@20220924

The problem is, that pact versions after 4.6.0 require to use of Java 17, so any project which is still using Java 11 is in a bit of trouble.
@mefellows mefellows added the security Indicates a security issue or vulnerability label Oct 12, 2023
rholshausen added a commit that referenced this issue Oct 24, 2023
@rholshausen
chore: Upgrade org.json:json to latest #1720
e10e7f5
rholshausen added a commit that referenced this issue Oct 24, 2023
@rholshausen
chore: Upgrade org.json:json to latest #1720
367cb6e
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
security Indicates a security issue or vulnerability
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mefellows @rholshausen