forked from MarkusBernhardt/proxy-vole
Vulnerability in ini4j dependency #41
Comments
Is it possible to close this issue? You can check https://mvnrepository.com/artifact/org.ini4j/ini4j; for 0.5.4 there are no vulnerabilities found.
The ini4j dependency of proxy-vole has an open vulnerability, CVE-2022-41404. The ini4j project appears to be abandoned; the issue to resolve the CVE has received no response from the maintainer in over four months.
(Despite the CVE stating versions up to 0.5.4, it's been noted on the issue tracker that the vulnerability is still present in version 0.5.4. The CPE matches all versions of ini4j, which appears to be correct.)
Please consider an alternate library for INI parsing, or perhaps switch to a fork of ini4j which addresses the vulnerability. https:/SuperMap/ini4j is one such possibility.