Hi, Hugh Pearse. Thanks for checking the dependency's vulnerabilities in Calcite. It is precious. We can create an ISSUE in JIRA.
Hugh Pearse <hughpea...@gmail.com> 于2024年10月2日周三 15:56写道: > > Our security team found these issues: > > > - Scan of *https://github.com/apache/calcite.git > <https://github.com/apache/calcite.git>* on *Sep 27, 2024* > Version Scanned: *latest* > > Vulnerabilities > SeverityPkgNameInstalled VersionFixed VersionVulnerability IDReference > HIGH webrick 1.7.0 >= 1.8.2 CVE-2024-47220 > https://avd.aquasec.com/nvd/cve-2024-47220 > MEDIUM nokogiri 1.14.3 1.15.6, 1.16.2 GHSA-vcc3-rw6f-jv97 > https://github.com/advisories/GHSA-vcc3-rw6f-jv97 > MEDIUM nokogiri 1.14.3 ~> 1.15.6, >= 1.16.2 GHSA-xc9x-jj77-9p9j > https://github.com/advisories/GHSA-xc9x-jj77-9p9j > MEDIUM rexml 3.2.5 >= 3.2.7 CVE-2024-35176 > https://avd.aquasec.com/nvd/cve-2024-35176 > MEDIUM rexml 3.2.5 >= 3.3.2 CVE-2024-39908 > https://avd.aquasec.com/nvd/cve-2024-39908 > MEDIUM rexml 3.2.5 >= 3.3.3 CVE-2024-41123 > https://avd.aquasec.com/nvd/cve-2024-41123 > MEDIUM rexml 3.2.5 >= 3.3.3 CVE-2024-41946 > https://avd.aquasec.com/nvd/cve-2024-41946 > MEDIUM rexml 3.2.5 >= 3.3.6 CVE-2024-43398 > https://avd.aquasec.com/nvd/cve-2024-43398 > > From, > Hugh Pearse
