Hello! We found a vulnerable dependency in your project. Are you aware of it? #32
Description
Hi! We spot a vulnerable dependency in your project, which might threaten your software.
And we found that the vulnerable function of this CVE can be easily accessed from your software.
- CVE_ID: CVE-2021-39154
- Vulnerable dependency: com.thoughtworks.xstream:xstream
- Your invocation path to the vulnerable method:
store.jesframework.serializer.XStreamSerializer:<init>(store.jesframework.serializer.TypeRegistry)
⬇️
com.thoughtworks.xstream.XStream:<init>(com.thoughtworks.xstream.io.HierarchicalStreamDriver)
⬇️
com.thoughtworks.xstream.XStream:<init>(com.thoughtworks.xstream.converters.reflection.ReflectionProvider,com.thoughtworks.xstream.mapper.Mapper,com.thoughtworks.xstream.io.HierarchicalStreamDriver)
⬇️
.....
⬇️
com.thoughtworks.xstream.XStream:setupSecurity()Therefore, maybe you need to upgrade this dependency. Hope this can help you! 😄