depscan is reporting two CVEs in this repo with guava.
Dependency Scan Results (scala)
╔══════════════════════╤═════════╤════════════╤═════════╤════════════╤══════════╤═══════╗
║ Id │ Package │ Used? │ Version │ Fix │ Severity │ Score ║
║ │ │ │ │ Version │ │ ║
╟──────────────────────┼─────────┼────────────┼─────────┼────────────┼──────────┼───────╢
║ CVE-2018-10237 │ guava │ Yes │ * │ 30.0 │ MEDIUM │ 5.0 ║
║ CVE-2020-8908 │ guava │ Yes │ <30.0 │ 30.0 │ LOW │ 3.3 ║
[info] +-io.shiftleft:codepropertygraph_2.13:1.3.45 [S]
[info] | +-com.github.pathikrit:better-files_2.13:3.8.0 (evicted by: 3.9.1)
[info] | +-com.github.pathikrit:better-files_2.13:3.9.1 [S]
[info] | +-io.shiftleft:codepropertygraph-domain-classes_2.13:1.3.45 [S]
[info] | | +-io.shiftleft:codepropertygraph-schema_2.13:1.3.45 [S]
[info] | | +-io.shiftleft:overflowdb-traversal_2.13:1.28 [S]
[info] | | +-com.massisframework:j-text-utils:0.3.4
[info] | | | +-au.com.bytecode:opencsv:2.4
[info] | | | +-com.google.guava:guava:21.0
overflowdb/traversal/build.sbt
Line 6 in 5bf2340
"com.massisframework" % "j-text-utils" % "0.3.4",
Should be originating from j-text-utils https://github.com/RuedigerMoeller/j-text-utils/blob/master/pom.xml#L24
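An added example (not part of the original issue or the project's code): a small Python parser that walks the dependency tree lines pasted above and reports the chain that pulls in a guava version below the 30.0 fix version from the scan table. The function names are hypothetical, and depth is read from the column of each `+-` marker as the tree appears in the text here.

```python
import re

# Tree lines copied from the issue above (sbt dependency tree output).
SAMPLE_TREE = """\
[info] +-io.shiftleft:codepropertygraph_2.13:1.3.45 [S]
[info] | +-com.github.pathikrit:better-files_2.13:3.8.0 (evicted by: 3.9.1)
[info] | +-com.github.pathikrit:better-files_2.13:3.9.1 [S]
[info] | +-io.shiftleft:codepropertygraph-domain-classes_2.13:1.3.45 [S]
[info] | | +-io.shiftleft:codepropertygraph-schema_2.13:1.3.45 [S]
[info] | | +-io.shiftleft:overflowdb-traversal_2.13:1.28 [S]
[info] | | +-com.massisframework:j-text-utils:0.3.4
[info] | | | +-au.com.bytecode:opencsv:2.4
[info] | | | +-com.google.guava:guava:21.0
"""

# Optional "[info] " prefix, then "| " / "  " indent columns, then "+-coordinate".
NODE = re.compile(r"^(?:\[info\] )?(?P<indent>[| ]*)\+-(?P<coord>\S+)(?P<note>.*)$")


def version_tuple(version):
    """Turn '21.0' or '30.0-jre' into a comparable tuple of its numeric parts."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def parse_tree(text):
    """Yield (depth, coordinate, evicted) for each '+-' node line."""
    for line in text.splitlines():
        m = NODE.match(line)
        if m:
            depth = len(m.group("indent")) // 2  # two columns per tree level
            yield depth, m.group("coord"), "evicted by" in m.group("note")


def paths_to(text, module, fixed_in):
    """Return every root-to-leaf chain ending at `module` older than `fixed_in`."""
    stack, hits = [], []
    for depth, coord, evicted in parse_tree(text):
        del stack[depth:]  # drop the previous sibling and anything deeper
        stack.append(coord)
        group_artifact, _, version = coord.rpartition(":")
        if (group_artifact == module and not evicted
                and version_tuple(version) < version_tuple(fixed_in)):
            hits.append(list(stack))
    return hits


if __name__ == "__main__":
    for chain in paths_to(SAMPLE_TREE, "com.google.guava:guava", "30.0"):
        print(" -> ".join(chain))
```

The second-to-last element of each chain is the dependency that declares the outdated guava, which is where an exclusion or version override would apply.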