
Commit 601fafd

authored
CCD-5953 : Fix CVE-2023-52428 (#160)
* bumped spring security * add nimbus-jose-jwt 9.37.2 * reverted bump to nimbus
1 parent 238722d commit 601fafd


2 files changed

+2
-2
lines changed


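--- a/build.gradle
+++ b/build.gradle
@@ -177,6 +177,8 @@ ext['snakeyaml.version'] = '2.0'
 ext['spring-security.version'] = '5.8.10'
 
 dependencies {
+//implementation group: 'com.nimbusds', name: 'nimbus-jose-jwt', version: '9.37.2' //Fix for CVE-2023-52428
+
 implementation("org.springframework.cloud:spring-cloud-starter-bootstrap")
 implementation group: 'org.springframework.boot', name: 'spring-boot-starter-actuator'
 implementation group: 'org.springframework.boot', name: 'spring-boot-starter-aop'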
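Review bot: The nimbus-jose-jwt line added at the top of `dependencies {` is commented out, so this section pins nothing, while the same commit removes the CVE-2023-52428 suppression from config/owasp/suppressions.xml. Whether the CVE is actually closed therefore depends on the nimbus-jose-jwt version resolved transitively, presumably through the Spring Security version set just above; confirm it with `./gradlew dependencyInsight --dependency nimbus-jose-jwt --configuration runtimeClasspath`. If 9.37.2 or later is already resolved, drop the dead line and leave a short comment such as `// nimbus-jose-jwt >= 9.37.2 (CVE-2023-52428) arrives transitively via spring-security`. If it is not, re-enable the pin, preferably inside a `constraints { }` block so it governs transitive resolution too. The `dependencies` block continues past the end of the hunk.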

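--- a/config/owasp/suppressions.xml
+++ b/config/owasp/suppressions.xml
@@ -7,13 +7,11 @@
 CVE-2023-6481 refer [Ticket]
 CVE-2023-6481 refer [Ticket]
 
-CVE-2023-52428 refer [Ticket]
 CVE-2024-38820 refer [Ticket]</notes>
 <cve>CVE-2023-34055</cve>
 <cve>CVE-2023-6378</cve>
 <cve>CVE-2023-35116</cve>
 <cve>CVE-2023-6481</cve>
-<cve>CVE-2023-52428</cve>
 <cve>CVE-2024-38820</cve>
 </suppress>
 </suppressions>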
