how to solve vul CVE-2024-2700 #28766
Closed
missedone
started this conversation in
Keycloak.X - Quarkus distribution
Replies: 1 comment
-
|
This was answered in #28615 . I suggest closing this discussion. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
the supply chain attack scanning system reported the vulnerable version of quarkus-core-3.8.3 in Keycloak 24.0.2, do you have a plan to fix the issue?
===========================================================================
Total: 0 (HIGH: 0, CRITICAL: 0)
2024-04-16T05:40:51.380Z �[34mINFO�[0m Table result includes only package filenames. Use '--format json' option to get the full path to the package file.
Java (jar)
Total: 1 (HIGH: 1, CRITICAL: 0)
┌─────────────────────────────────────────────────────────────┬───────────────┬──────────┬────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
├─────────────────────────────────────────────────────────────┼───────────────┼──────────┼────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────────────┤
│ io.quarkus:quarkus-core (io.quarkus.quarkus-core-3.8.3.jar) │ CVE-2024-2700 │ HIGH │ fixed │ 3.8.3 │ 3.9.2 │ quarkus-core: Leak of local configuration properties into │
│ │ │ │ │ │ │ Quarkus applications │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-2700 │
└─────────────────────────────────────────────────────────────┴───────────────┴──────────┴────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────────────┘
Beta Was this translation helpful? Give feedback.
All reactions