vulnerability found in commons-io:commons-io



Hi! We spot a vulnerable dependency in your project, which might threaten your software. 
And we found that the vulnerable function of this CVE can be easily accessed from your software, there is no constraint along the invocation path to the vulnerable function.

+ CVE_ID: **CVE-2021-29425**
+ Vulnerable dependency: **commons-io:commons-io**
+ Your invocation path to the vulnerable method:
```java
com.pinterest.singer.common.LogStream:<init>(com.pinterest.singer.common.SingerLog,java.lang.String)
⬇️
org.apache.commons.io.FilenameUtils:concat(java.lang.String,java.lang.String)
⬇️
org.apache.commons.io.FilenameUtils:getPrefixLength(java.lang.String)
```

Therefore, may be you need to upgrade this dependency. Hope this can help you! 😄



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

vulnerability found in commons-io:commons-io #233

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

vulnerability found in commons-io:commons-io #233

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions