I am working on one project and we are using tool Whitesource for our project. The system Whitesource tells me usually that I need to update some dependency. Now it just says Whitesource shows a problem Security Vulnerability with the message:
An issue was found in io.springfox:springfox-swagger-ui. This vulnerability can lead to �Log injection�- whereas untrusted data gets written into log files/entries. It allows attackers to forge log entries or inject malicious content into the logs.
pom.xml
<dependency> <groupId>io.springfox</groupId> <artifactId>springfox-swagger-common</artifactId> <version>3.0.0</version> </dependency> <dependency> <groupId>io.springfox</groupId> <artifactId>springfox-swagger2</artifactId> <version>3.0.0</version> <scope>compile</scope> </dependency>
Please help me solve the problem or tell me where to start solving the problem.
Unfortunately, SpringFox https://github.com/springfox/springfox is not maintained for last 2 years. Applications currently leveraging SpringFox should migrate to SpringDoc. SprinDoc GitHub repo and here is migration guide