Package com.thoughtworks.xstream has multiple reported vulnerabilities

Description

When using OWASP Dependency Check for a project using JBehave 4.8.3, it reports 12 vulnerabilities in the xstream package:
https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Axstream_project&cpe_product=cpe%3A%2F%3Axstream_project%3Axstream&cpe_version=cpe%3A%2F%3Axstream_project%3Axstream%3A1.4.15

Activity

Show:

Javier T June 15, 2021 at 4:25 PM

Package com.thoughtworks.xstream is only used in the jbehave-rest module. Version 1.4.17 of xstream dependency removes the vulnerabilities. This is included in my forked project, commit:

Done

Details
Assignee
Valery Yatsynovich
Reporter
Javier T
Fix versions
5.0
Priority
Minor

Created June 15, 2021 at 4:08 PM

Updated June 17, 2021 at 6:24 PM

Resolved June 17, 2021 at 6:24 PM

Package com.thoughtworks.xstream has multiple reported vulnerabilities

Description

Activity

Javier T June 15, 2021 at 4:25 PM

DetailsAssigneeValery YatsynovichValery YatsynovichReporterJavier TJavier TFix versions5.0PriorityMinor

Details

Assignee

Reporter

Fix versions

Priority

Details
Assignee
Valery Yatsynovich
Reporter
Javier T
Fix versions
5.0
Priority
Minor