Skip to main content

Fix example transitive vulnerability for Gradle

To fix a transitive library for Gradle, override the transitive dependency by adding the appropriately versioned dependency as a direct library.

These steps provide a fix for a Timing Attack Via Comparison Function vulnerability in OrientDB Core, version 2.1.9 in the example-java-gradle repository.

To complete this task:

  1. Edit the build.gradle file in the root of the project, and add this text in the dependencies scope:

    compile ('com.orientechnologies:orientdb-core:2.1.11') {
    force = true
  2. Validate the fix.