OWASP scan multiple CVEs from DOMPurify and Moment.js #6052

Closed
logycon opened this issue Dec 31, 2024 · 3 comments

logycon commented Dec 31, 2024

Armeria 1.31.3 OWASP dependency check scan is reporting the following CVEs, all related to JS libraries:

CVE-2024-45801(10.0) DOMPurify
CVE-2023-22467(7.5) Moment.js
CVE-2022-31129(7.5) Moment.js
CVE-2024-48910(10.0) DOMPurify
CVE-2024-47875(10.0) DOMPurify
CVE-2022-24785(7.5) Moment.js

[ERROR] Failed to execute goal org.owasp:dependency-check-maven:11.1.1:check (default-cli)
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] armeria-1.31.3.jar: main.b2883cfa629bb433ce6b.js.gz: main.b2883cfa629bb433ce6b.js: CVE-2024-45801(10.0), CVE-2023-22467(7.5), CVE-2022-31129(7.5), CVE-2024-48910(10.0), CVE-2024-47875(10.0), CVE-2022-24785(7.5)

Contributor

minwoox commented Dec 31, 2024

Hi, @logycon!
I believe that this issue will be resolved by this PR:
#6045

Author

logycon commented Dec 31, 2024

Awesome. Thanks!

logycon closed this as completed Dec 31, 2024
Author

logycon commented Dec 31, 2024

Already addressed in PR
