Closed
Labels
dependencies, for: eclipse, for: vscode, theme: internal-architecture
Description
Describe the bug
The VScode extension pivotal.vscode-spring-boot-1.40.0 includes the file language-server\BOOT-INF\lib\commons-text-1.9.jar. A critical security issue is reported as CVE-2022-42889 for this release. This error has been fixed in releases 1.10.0 and higher.
Please update the dependency to one not vulnerable.
To Reproduce
- Install the current extension "Pivotal Spring Boot Tools" on VScode.
- Inspect the contents of the path %HOME%\.vscode\extensions\pivotal.vscode-spring-boot-1.40.0\language-server\BOOT-INF\lib to find the vulnerable jar file.
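
The manual inspection above can be scripted across every installed extension. This is an added example, not part of the original issue or the project's code: it walks an extensions directory, takes each commons-text jar's version from its embedded Maven `pom.properties` (assumed to be present; the file name is the fallback), and compares it numerically against 1.10.0, the fixed release named in the issue. The function names are hypothetical.

```python
import re
import sys
import zipfile
from pathlib import Path

FIXED = (1, 10, 0)  # first fixed release according to the issue above
JAR_NAME = re.compile(r"^commons-text-(\d+(?:\.\d+)*)\.jar$")
POM_PROPS = "META-INF/maven/org.apache.commons/commons-text/pom.properties"


def parse_version(text):
    """'1.9' -> (1, 9, 0). Tuples compare numerically, so 1.9 < 1.10.0."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def jar_version(jar):
    """Prefer the version recorded inside the jar; fall back to the file name."""
    try:
        with zipfile.ZipFile(jar) as zf:
            for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    return line.split("=", 1)[1].strip()
    except (KeyError, zipfile.BadZipFile, OSError):
        pass  # no embedded metadata or unreadable archive: use the name
    m = JAR_NAME.match(jar.name)
    return m.group(1) if m else None


def scan(root):
    """Return [(path, version)] for commons-text jars older than FIXED."""
    findings = []
    for jar in sorted(Path(root).rglob("*.jar")):
        if not jar.name.startswith("commons-text"):
            continue
        version = jar_version(jar)
        if version and re.fullmatch(r"\d+(\.\d+)*", version) and parse_version(version) < FIXED:
            findings.append((str(jar), version))
    return findings


if __name__ == "__main__":
    # Default VS Code extension directory; pass another root as the first argument.
    root = sys.argv[1] if len(sys.argv) > 1 else Path.home() / ".vscode" / "extensions"
    for path, version in scan(root):
        print(f"{version}\t{path}")
```

Versions with a non-numeric suffix (for example a snapshot build) are skipped rather than guessed at, so review those by hand.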