Vulnerability in ini4j dependency #41

Closed
zcronix opened this issue Feb 2, 2023 · 1 comment

zcronix commented Feb 2, 2023

The ini4j dependency of proxy-vole has an open vulnerability, CVE-2022-41404. The ini4j project appears to be abandoned; the issue to resolve the CVE has received no response from the maintainer in over four months.

(Despite the CVE stating versions up to 0.5.4, it's been noted on the issue tracker that the vulnerability is still present in version 0.5.4. The CPE matches all versions of ini4j, which appears to be correct.)

Please consider an alternate library for INI parsing, or perhaps switch to a fork of ini4j which addresses the vulnerability. https:/SuperMap/ini4j is one such possibility.

gokceryapar commented Sep 1, 2023

Is it possible to close this issue? You can check https://mvnrepository.com/artifact/org.ini4j/ini4j: for 0.5.4 there are no vulnerabilities found.

akuhtz closed this as completed Sep 5, 2023