CVE-2023-50572: Found this vulnerability in scala-compiler-2.13.12 #12969
Comments
IIUC, the corresponding bug (jline/jline3#909) is in If there's a way this bug can be triggered in Scala, please re-open.
I second Lukas that the vulnerable class does not exist in the JAR we depend on. Regardless, we expect to release Scala 2.13.14 soon, like within the next few weeks, and it will include the JLine 3.25.1 upgrade, as per #12933. So at that point even the appearance of an issue will vanish.
Reproduction steps
scala-compiler-2.13.12 has jline-3.22.0.jar as a dependency, which has a vulnerability:
https://www.mend.io/vulnerability-database/CVE-2023-50572.
Problem
How can we remediate this vulnerability (https://www.mend.io/vulnerability-database/CVE-2023-50572)?
Also, the 2.13.13 version of the Scala compiler, which uses jline 3.24.1, is also vulnerable, and it needs to be shifted to a jline version above 3.25.0.