I need to fix the vulnerabilities found in my project using some scan tools. The problem I am having is that the vulnerabilities are in the external/third-party jar files, and they are already at the higher version. So, is there any approach to follow to fix these issues and get it fixed in the scan tool?
- There are no generic answers here. You will have to look at each of those warnings individually and then decide if the risk is acceptable, or how to mitigate it. You are like a person calling their garage: "my car is making strange noises A, B, C, now please tell me how to fix all of that". We simply can't. There aren't simple answers to a lot of problems, and this is definitely such a problem. – GhostCat Mar 31 '22 at 14:10
- But in the analogous situation the person is not even describing the noises to the mechanic ... – Stephen C Mar 31 '22 at 14:16
- Tell the scan tool to stop reporting these. – Thorbjørn Ravn Andersen Mar 31 '22 at 14:24
1 Answer
This problem has a very difficult solution.
Sometimes you will unzip the jar and manually upgrade the vulnerable dependency, but it does not always work.
Try to change the library; it's my best advice.

David Tabernero
- As it’s currently written, your answer is unclear. Please [edit] to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Mar 31 '22 at 14:21