Affects PMD Version:
7.0.0-rc3
Description:
Hello PMD team. We scanned the PMD source code with Snyk and another system, and it reported 2 critical and 1 high CVEs.
Also, these vulnerabilities block deployment and the creation of Docker images and other servers:
Vulnerable Library: scala-reflect-2.13.3.jar (/dist/pmd-bin/lib/scala-reflect-2.13.3.jar)
Dependency Hierarchy:
Directly - ⚠️ scala-reflect-2.13.3.jar (Vulnerability Library)
Severity:
🚫 CRITICAL
CVE-2022-36944
Fixed Version:
♻️ scala-reflect-2.13.9.jar
Vulnerable Library: scala-reflect-2.13.3.jar (/dist/pmd-bin/lib/scala-reflect-2.13.3.jar)
Dependency Hierarchy:
Directly - ⚠️ scala-reflect-2.13.3.jar (Vulnerability Library)
Severity:
🚫 CRITICAL
VULNDB-298991
Fixed Version:
♻️ scala-reflect-2.13.9.jar
Vulnerable Library: commons-io (/dist/pmd-bin/lib/pmd-ui-7.0.0-rc1.jar:commons-io)
Dependency Hierarchy:
- ⚠️ pmd-ui-7.0.0-rc1.jar (Root Library)
- ⚠️ commons-io (Vulnerability Library)
Severity:
🚫 HIGH
VULNDB-239195
Fixed Version:
♻️ commons-io-2.8.0.jar