[
https://issues.apache.org/jira/browse/MCOMPILER-601?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17908219#comment-17908219
]
Elliotte Rusty Harold commented on MCOMPILER-601:
-------------------------------------------------
How are you getting multiple versions of the same dependency in the report?
This suggests the tool is broken and looking at the tree rather than the
classpath.
> Apache Maven Compiler Plugin 3.13.0 and lower version has Vulnerabilities
> from dependencies: CVE-2021-26291
> -----------------------------------------------------------------------------------------------------------
>
> Key: MCOMPILER-601
> URL: https://issues.apache.org/jira/browse/MCOMPILER-601
> Project: Maven Compiler Plugin
> Issue Type: Bug
> Reporter: Hari Prakash
> Priority: Critical
>
> Apache Maven Compiler Plugin 3.13.0 and lower version has Vulnerabilities
> from dependencies: CVE-2021-26291
> [Maven Repository: org.apache.maven.plugins » maven-compiler-plugin » 3.13.0
> (mvnrepository.com)|https://mvnrepository.com/artifact/org.apache.maven.plugins/maven-compiler-plugin/3.13.0]
> Below are some of the maven libraries this plugin refers to and these has
> Vulnerabilities.
> |gav://org.codehaus.plexus:plexus-utils:2.0.5|
> |gav://org.codehaus.plexus:plexus-utils:3.0.8|
> |gav://org.codehaus.plexus:plexus-utils:3.0.8|
> |gav://org.codehaus.plexus:plexus-utils:3.0.8|
> |gav://org.apache.maven:maven-core:2.0.9|
> |gav://org.codehaus.plexus:plexus-utils:1.1|
> |gav://org.codehaus.plexus:plexus-archiver:2.1|
> |gav://org.codehaus.plexus:plexus-utils:3.0|
> |gav://org.codehaus.plexus:plexus-utils:3.0.5|
> |gav://org.codehaus.plexus:plexus-utils:2.0.5|
> |gav://org.codehaus.plexus:plexus-utils:3.0.8|
> |gav://org.codehaus.plexus:plexus-utils:3.0.8|
> |gav://org.codehaus.plexus:plexus-utils:3.0.8|
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
