[go: nahoru, domu]
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security Issues #72

Open
MalshaUdani opened this issue Oct 26, 2022 · 1 comment
Open

Security Issues #72

MalshaUdani opened this issue Oct 26, 2022 · 1 comment

Comments

@MalshaUdani
Copy link
Contributor
MalshaUdani commented Oct 26, 2022
edited
Loading

Hi, Thank you for this useful plugin implementation and we are planning to integrate this for our tests. As a company prerequisite, performed a Verocode security scan and identified following issues related to transitive dependencies;

Screenshot 2022-10-26 at 13 42 21

High severity vulnerabilities;
https://nvd.nist.gov/vuln/detail/CVE-2022-34169
https://nvd.nist.gov/vuln/detail/CVE-2022-42889

Appreciate if you could look into these and provide the plan to mitigate these issues.

Thanks
@mderevyankoaqa
Copy link
Owner
mderevyankoaqa commented Oct 26, 2022
edited
Loading

@MalshaUdani wow,

will take a look, for sure in the project a lot of third-party dependencies have been used. like jmeter core or influxDb driver. So there is a small chance to mitigate this. BTW I haven't seen any criticality in sonatype report. https://ossindex.sonatype.org/component/pkg:maven/io.github.mderevyankoaqa/jmeter-plugins-influxdb2-listener@2.5

image

BR,
Mike

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@MalshaUdani @mderevyankoaqa