Skip to content

Update pom.xml#7

Open
endor-matt wants to merge 1 commit into
mainfrom
endor-matt-test-gson-1
Open

Update pom.xml#7
endor-matt wants to merge 1 commit into
mainfrom
endor-matt-test-gson-1

Conversation

@endor-matt

Copy link
Copy Markdown
Owner

No description provided.

@endor-labs-pro

endor-labs-pro Bot commented Apr 8, 2025

Copy link
Copy Markdown

Warning

Endor Labs detected 1 policy violations associated with this pull request.

Please review the findings that caused the policy violations.

📋 Policy: Critical or High Severity Vulnerability that can be fixed and is reachable (1 finding)

📥 Package mvn://com.visualpathit:vprofile@v2

⤵️ Dependency: mvn://com.google.code.gson:gson@2.8.8
🚩 GHSA-4jrv-ppp4-jm57: Deserialization of Untrusted Data in Gson

Details

  • Severity: High
  • Tags: Direct Normal Unreachable Function Reachable Dependency Fix Available Blocker
  • Categories: Security Vulnerability
  • Summary: com.google.code.gson:gson@2.8.8 has a high severity vulnerability identified by GHSA-4jrv-ppp4-jm57: Deserialization of Untrusted Data in Gson. No vulnerable function is known to be reachable. This vulnerability was fixed in version 2.8.9.
    com.google.code.gson:gson@2.8.8 is a direct dependency of com.visualpathit:vprofile@v2.
  • Remediation: Update com.visualpathit:vprofile@v2 to use com.google.code.gson:gson version 2.8.9 (current: 2.8.8, latest: 2.12.1).

This comment was automatically generated by Endor Labs.
Scanned @ 04-08-2025 02:25:18 UTC

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant