Skip to content

[BUG] Vulnerability through dependency in the SDK v3.4.0 #6433

Description

@qa-fabio-paulus

In the dependency tree of azure-cosmos:3.4.0 is commons-beanutils:commons-beanutils:jar:1.9.2 (through commons-validator:commons-validator:jar:1.6).

commons-beanutils in version 1.9.2 has the following vulnerability:
https://nvd.nist.gov/vuln/detail/CVE-2019-10086

Could you update the dependency-tree such that the vulnerability is not part of it anymore?

Metadata

Metadata

Labels

CosmosService AttentionWorkflow: This issue is responsible by Azure service team.cosmos:v4-itemIndicates this feature will be shipped as part of V4 release traincustomer-reportedIssues that are reported by GitHub users external to the Azure organization.

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions