Its unlikely to be relevant for you since the vulnerability only affects
the scaladocs, i.e., documentation.
On 7/2/2021 2:10 PM, Debraj Manna wrote:
Hi,
I was running owasp-dependency-check
<https://owasp.org/www-project-dependency-check/> in a java
application based on flink-1.13.0 (scala 2.12). scala 2.12.7 was
getting flagged for this
<https://ossindex.sonatype.org/vulnerability/bd61dd10-4348-45cd-a09e-094e9d588715?component-type=maven&component-name=org.scala-lang.scala-library&utm_source=dependency-check&utm_medium=integration&utm_content=6.1.6>.
Relevant Dependency for this -
FO] +- org.apache.flink:flink-streaming-java_2.12:jar:1.13.0:provided
[INFO] | +- org.apache.flink:flink-file-sink-common:jar:1.13.0:provided
[INFO] | +- org.apache.flink:flink-runtime_2.12:jar:1.13.0:compile
[INFO] | | +-
org.apache.flink:flink-queryable-state-client-java:jar:1.13.0:compile
[INFO] | | +- org.apache.flink:flink-hadoop-fs:jar:1.13.0:compile
[INFO] | | +- commons-io:commons-io:jar:2.7:compile
[INFO] | | +-
org.apache.flink:flink-shaded-netty:jar:4.1.49.Final-13.0:compile
[INFO] | | +-
org.apache.flink:flink-shaded-jackson:jar:2.12.1-13.0:compile
[INFO] | | +-
org.apache.flink:flink-shaded-zookeeper-3:jar:3.4.14-13.0:compile
[INFO] | | +- org.javassist:javassist:jar:3.24.0-GA:compile
[INFO] | | +- org.scala-lang:scala-library:jar:2.12.7:compile
Can anyone suggest if flink app is vulnerable to this or can safely be
ignored?
Thanks
