1. The alert message
Dependency maven:org.elasticsearch:elasticsearch:8.6.2 is vulnerable
CVE-2021-22146 7.5 Exposure of Resource to Wrong Sphere vulnerability
CVE-2023-31419 7.5 Out-of-bounds Write vulnerability with High severity found
CVE-2023-46673 7.5 Improper Handling of Exceptional Conditions vulnerability with High severity found
Results powered by Checkmarx(c)
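Translation:
Roughly, this means: this version of elasticsearch carries a high risk with respect to data exposure.
Solution:
Upgrade to a safe version in which the vulnerabilities have been fixed. I upgraded to 8.12.0 here; after refreshing pom.xml the warning no longer appears and the problem is solved.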
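
To keep the fix from regressing, here is an added example (not part of the original post) of a small Python check that reads a pom.xml and reports any declared org.elasticsearch:elasticsearch version below 8.12.0. It assumes the 8.12.0 upgrade target from the post as the minimum; the function names and the sample pom are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample pom.xml (not from the original post); the version is set
# through a property, as many real projects do.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <properties>
    <elasticsearch.version>8.6.2</elasticsearch.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>org.elasticsearch</groupId>
      <artifactId>elasticsearch</artifactId>
      <version>${elasticsearch.version}</version>
    </dependency>
  </dependencies>
</project>"""

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
MIN_VERSION = (8, 12, 0)  # assumption: the version the post upgraded to


def parse_version(text):
    """Turn '8.6.2' into (8, 6, 2) so 8.6.2 < 8.12.0 compares numerically."""
    return tuple(int(n) for n in re.findall(r"\d+", text.split("-")[0])[:3])


def find_outdated(pom_xml, minimum=MIN_VERSION):
    """Return declared org.elasticsearch:elasticsearch versions below minimum."""
    root = ET.fromstring(pom_xml)
    props = {p.tag.split("}")[-1]: (p.text or "").strip()
             for p in root.findall("m:properties/*", NS)}
    outdated = []
    # iter() also covers <dependencyManagement> and <profiles> sections.
    for dep in root.iter("{%s}dependency" % NS["m"]):
        gid = dep.findtext("m:groupId", "", NS).strip()
        aid = dep.findtext("m:artifactId", "", NS).strip()
        ver = dep.findtext("m:version", "", NS).strip()
        if (gid, aid) != ("org.elasticsearch", "elasticsearch") or not ver:
            continue  # no <version>: inherited from a parent/BOM, not checked here
        # Resolve ${property} references defined in this pom.
        ver = re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), ""), ver)
        parsed = parse_version(ver)
        if parsed and parsed < minimum:  # unresolved properties are skipped
            outdated.append(ver)
    return outdated
```

A version inherited from a parent pom or BOM does not appear in the file itself, so the scanner's report on the resolved dependency remains the authoritative check.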