Conversation

@darrenpmeyer
Contributor

No description provided.

@github-actions

Warning

Endor Labs detected 1 policy violation associated with this pull request.

Please review the findings that caused the policy violations.

📋 Policy: Reachable Vulns (Crit/High) (1 finding)

📥 Package mvn://com.endor.webapp:endor-java-webapp-demo@4.0-SNAPSHOT

⤵️ Dependency: mvn://org.apache.commons:commons-text@1.9
🚩 GHSA-599f-7c49-w659: Arbitrary code execution in Apache Commons Text

Details

  • Severity: Critical
  • Tags: Direct, Reachable Function, Reachable Dependency, Normal, Fix Available
  • Categories: Security Vulnerability
  • Summary: org.apache.commons:commons-text@1.9 has a critical vulnerability identified by GHSA-599f-7c49-w659: Arbitrary code execution in Apache Commons Text. A vulnerable function is reachable. This vulnerability was fixed in version 1.10.0.
    org.apache.commons:commons-text@1.9 is a direct dependency of com.endor.webapp:endor-java-webapp-demo@4.0-SNAPSHOT.
  • Remediation: Update com.endor.webapp:endor-java-webapp-demo@4.0-SNAPSHOT to use org.apache.commons:commons-text version 1.10.0 (current: 1.9, latest: 1.11.0).

This comment was automatically generated by Endor Labs.
Scanned @ 12-13-2023 18:41:18 UTC
