Vault dependency (CVE-2020-15250) issue when using 1.7 #158
Comments
|
While of course referencing CVEs sounds like a super serious issue, this is not a vault bug nor a serious issue in the realm of Vault. Report this to IJ instead - dependencies with the Technically this issue could be resolved in a future version of vault, but there is little reason to update vault just for this CVE that probably doesn't affect vault in the first place as that dependency is not used at all (at least at first glance). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
<dependency><groupId>com.github.MilkBowl</groupId><artifactId>VaultAPI</artifactId><version>1.7</version><scope>provided</scope></dependency>I used this dependency from the README.md given in the github repo. And Intellij gave me the following vulnerability,
'Provides transitive vulnerable dependency maven:junit:junit:4.10
CVE-2020-15250 5.5 Incorrect Permission Assignment for Critical Resource vulnerability pending CVSS allocation
Results powered by Checkmarx(c)'
The text was updated successfully, but these errors were encountered: