Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Test package deny list 11 #13

Closed
wants to merge 4 commits into from
Closed

Conversation

AlexWilson-GIS
Copy link
Owner

Confirming that inline settings override external file ones, causing some arguments with inline defaults to be un-configurable from an external config file.

Copy link

Dependency Review

The following issues were found:
  • ❌ 1 vulnerable package(s)
See the Details below.

Vulnerabilities

my-app/pom.xml

NameVersionVulnerabilitySeverity
log4j:log4j1.2.17SQL Injection in Log4j 1.2.xcritical
Deserialization of Untrusted Data in Apache Log4jcritical
Deserialization of Untrusted Data in Log4jcritical
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted datahigh
Deserialization of Untrusted Data in Log4j 1.xhigh

Scanned Manifest Files

.github/workflows/DependencyReview.yml
  • actions/checkout@4.*.*
  • actions/dependency-review-action@4.*.*
  • actions/checkout@3.*.*
  • actions/dependency-review-action@3.*.*
my-app/pom.xml

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant