You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I found you are using a dependency with CVE. I found the buggy methods of the CVE in the program execution path of your project. To prevent potential security risks it may cause, I suggest a version update. Here is the detailed information:
Some files in your project call the library method org.apache.uima.cas.impl.XmiCasDeserializer.deserialize(java.io.InputStream,org.apache.uima.cas.CAS), which can reach the buggy method of CVE-2017-15691.
Files in your project:
src/main/java/cz/brmlab/yodaqa/pipeline/AnswerHitlistDeserialize.java
Update suggestion: version 2.10.4
2.10.4 is a safe version without CVEs. From 2.6.0 to 2.10.4, 31 of the APIs (called by 115 times in your project) were modified.
The text was updated successfully, but these errors were encountered:
I found you are using a dependency with CVE. I found the buggy methods of the CVE in the program execution path of your project. To prevent potential security risks it may cause, I suggest a version update. Here is the detailed information:
Vulnerable Dependency: org.apache.uima : uimaj-core : 2.6.0
Call Chain to Buggy Methods:
Some files in your project call the library method org.apache.uima.cas.impl.XmiCasDeserializer.deserialize(java.io.InputStream,org.apache.uima.cas.CAS), which can reach the buggy method of CVE-2017-15691.
src/main/java/cz/brmlab/yodaqa/pipeline/AnswerHitlistDeserialize.java
Update suggestion: version 2.10.4
2.10.4 is a safe version without CVEs. From 2.6.0 to 2.10.4, 31 of the APIs (called by 115 times in your project) were modified.
The text was updated successfully, but these errors were encountered: