Hello! We found a vulnerable dependency in your project. Are you aware of it?

Hi! We spot a vulnerable dependency in your project, which might threaten your software. 
And we found that the vulnerable function of this CVE can be easily accessed from your software.

+ CVE_ID: **CVE-2021-39154**
+ Vulnerable dependency: **com.thoughtworks.xstream:xstream**
+ Your invocation path to the vulnerable method:
```java
org.jeasy.batch.extensions.xstream.XstreamRecordMarshaller:<init>()
⬇️
com.thoughtworks.xstream.XStream:<init>()
⬇️
...
⬇️
com.thoughtworks.xstream.XStream:setupSecurity()
```

Therefore, maybe you need to upgrade this dependency. Hope this can help you! 😄



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Hello! We found a vulnerable dependency in your project. Are you aware of it? #406

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Hello! We found a vulnerable dependency in your project. Are you aware of it? #406

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions