Is it safe to use an artifact that has a vulnerability in a test dependency?

Time:08-02

I'm trying to use an artifact that is on mvnrepository:

https://mvnrepository.com/artifact/org.apache.commons/commons-collections4/4.4

As you can see under [test dependencies], JUnit 4.12 has a vulnerability and carries a red warning sign.

I've downloaded this artifact via Gradle and inspected the external library. I found that the pom.xml of commons-collections4 does in fact declare a test dependency on JUnit 4.12.

Is it safe to use an artifact that has a vulnerability in a test dependency?

CodePudding user response:

  1. You see the "red warning sign" just because commons-collections exposes too much information about its build process when publishing artifacts.
  2. It is not a good idea to check dependencies manually; OWASP developed a nice plugin for both Gradle and Maven, so do not waste your time on manual checks.
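The reason the warning does not reach consumers, shown as an added example that is not part of the question or the answer: Maven never passes test- or provided-scope dependencies on to consumers, so a JUnit declared only for the artifact's own tests never lands on your classpath. The script below applies Maven's transitive-scope table to a constructed POM fragment modelled on the question (junit:junit:4.12 in test scope; the org.example coordinates are invented) and reports what a consumer would actually inherit. Scanning the resolved classpath with OWASP dependency-check, as the answer recommends, remains the way to check a real build.

```python
"""Which of an artifact's declared dependencies reach a consumer?

Added example, not code from the question or the answer. It applies
Maven's transitive-scope rule: test and provided dependencies are
dropped, compile/runtime ones are re-scoped relative to how the
consumer declared the artifact.
"""
import xml.etree.ElementTree as ET

POM_NS = "{http://maven.apache.org/POM/4.0.0}"

# consumer's scope for the artifact (row) x scope declared in the POM (column)
# -> effective scope for the consumer. Missing columns (test, provided) are dropped.
_TRANSITIVE = {
    "compile":  {"compile": "compile",  "runtime": "runtime"},
    "runtime":  {"compile": "runtime",  "runtime": "runtime"},
    "provided": {"compile": "provided", "runtime": "provided"},
    "test":     {"compile": "test",     "runtime": "test"},
}


def parse_dependencies(pom_xml):
    """Return [(groupId, artifactId, version, scope)] from the POM's <dependencies>."""
    root = ET.fromstring(pom_xml)
    deps = []
    for dep in root.findall(f"{POM_NS}dependencies/{POM_NS}dependency"):
        field = lambda tag, d=dep: (d.findtext(POM_NS + tag) or "").strip()
        deps.append((field("groupId"), field("artifactId"), field("version"),
                     field("scope") or "compile"))  # Maven default scope
    return deps


def inherited_dependencies(pom_xml, consumer_scope="compile"):
    """Map 'group:artifact:version' -> effective scope for a consumer of this POM."""
    result = {}
    for g, a, v, declared in parse_dependencies(pom_xml):
        effective = _TRANSITIVE[consumer_scope].get(declared)  # None for test/provided
        if effective is not None:
            result[f"{g}:{a}:{v}"] = effective
    return result


# Constructed POM fragment mirroring the question: a test-only JUnit 4.12.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency><groupId>junit</groupId><artifactId>junit</artifactId>
      <version>4.12</version><scope>test</scope></dependency>
    <dependency><groupId>org.example</groupId><artifactId>runtime-lib</artifactId>
      <version>1.0</version><scope>runtime</scope></dependency>
    <dependency><groupId>org.example</groupId><artifactId>api-lib</artifactId>
      <version>2.0</version></dependency>
  </dependencies>
</project>"""

if __name__ == "__main__":
    for coord, scope in inherited_dependencies(SAMPLE_POM).items():
        print(coord, "->", scope)  # junit:junit:4.12 is not listed
```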