https://github.com/folio-org/mod-spring-sample has multiple security vulnerabilities in dependencies.
- archive this repository (details: FOLIO-1838 and
- or handle each vulnerability: Update the dependency, or add a section to the README and explain for each vulnerable dependency why mod-spring-sample is not affected.

Dependencies with vulnerabilities:
- org.springframework:firstname.lastname@example.org.RELEASE Spring4Shell Remote Code Execution (RCE) https://nvd.nist.gov/vuln/detail/CVE-2022-22965
- net.minidev:email@example.com Denial of Service (DoS) https://nvd.nist.gov/vuln/detail/CVE-2021-27568
- com.fasterxml.jackson.core:firstname.lastname@example.org Denial of Service (DoS) https://nvd.nist.gov/vuln/detail/CVE-2020-36518
- org.apache.tomcat.embed:email@example.com Denial of Service (DoS) https://nvd.nist.gov/vuln/detail/CVE-2021-41079
- org.apache.tomcat.embed:firstname.lastname@example.org Remote Code Execution (RCE) https://nvd.nist.gov/vuln/detail/CVE-2021-25329
- org.glassfish:email@example.com Improper Input Validation https://nvd.nist.gov/vuln/detail/CVE-2021-28170
- com.h2database:firstname.lastname@example.org Remote Code Execution (RCE) https://nvd.nist.gov/vuln/detail/CVE-2022-23221