Describe the bug
Audit tool output:
8 unignored (of 8 total) vulnerabilities found
io.vertx:vertx-auth-shiro:3.9.8 introduces org.apache.shiro:shiro-core:1.2.6 which has 6 vulnerabilities
=> [CVE-2019-12422] Apache Shiro before 1.4.2, when using the default "remember me" configuration, c... (see https://ossindex.sonatype.org/vuln/ef6230d3-dd8f-4a0c-8444-b516befb51d2)
=> [CVE-2020-1957] Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controlle... (see https://ossindex.sonatype.org/vuln/abc35b39-cbc3-4511-a214-ed990607cd04)
=> [CVE-2020-11989] Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controlle... (see https://ossindex.sonatype.org/vuln/ce1c2a01-6040-4797-a476-532f8f84e177)
=> [CVE-2020-13933] Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP req... (see https://ossindex.sonatype.org/vuln/8f152c13-333e-469e-945e-397ea8cb68a8)
=> [CVE-2020-17510] Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially craf... (see https://ossindex.sonatype.org/vuln/08abbd7c-5fb3-42aa-8f9b-dae1d609e33b)
=> [CVE-2020-17523] Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially craf... (see https://ossindex.sonatype.org/vuln/1b07233c-fddd-4e1e-b3fd-4f39b6285e04)
io.vertx:vertx-auth-shiro:3.9.8 introduces commons-beanutils:commons-beanutils:1.8.3 which has 2 vulnerabilities
=> [CVE-2014-0114] Improper Input Validation (see https://ossindex.sonatype.org/vuln/cc1835c0-63c3-4b0a-baa5-a3891271bf60)
=> [CVE-2019-10086] In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added wh... (see https://ossindex.sonatype.org/vuln/9dd388b6-e51b-4261-9a0d-76f9aeb4f153)
Issue in Vert.x: https://github.com/vert-x3/vertx-auth/issues/505
When fixed, please check the code: FIXME https://github.com/Knotx/knotx-server-http/issues/76