[Snyk:Medium] org.threeten:threetenbp (Due: 06/17/2024) #5794
Comments
|
Closing this issue because we have already upgraded past 10.10 to 10.12 #5825 and we are no longer getting a vulnerability in snyk. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Introduced through
org.flywaydb:flyway-commandline@10.10.0
Exploit maturity
NO KNOWN EXPLOIT
Detailed paths
Introduced through: unknown:unknown@0.0.0 › org.flywaydb:flyway-commandline@10.10.0 › com.google.cloud:google-cloud-spanner-jdbc@2.11.1 › org.threeten:threetenbp@1.6.8
Introduced through: unknown:unknown@0.0.0 › org.flywaydb:flyway-commandline@10.10.0 › com.google.cloud:google-cloud-storage@2.22.5 › org.threeten:threetenbp@1.6.8
Security information
Factors contributing to the scoring:
Snyk: CVSS 6.2 - Medium Severity
NVD: Not available. NVD has not yet published its analysis.
Why are the scores different? Learn how Snyk evaluates vulnerability scores
Overview
Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the org.threeten.bp.format.DateTimeFormatter::parse(CharSequence, ParsePosition) method, when the string is empty, the parameter index is 10, and the errorIndex is 10.
Completion Criteria
The text was updated successfully, but these errors were encountered: