Fix example transitive vulnerability for Maven

To fix a transitive library for Maven, override the transitive dependency by adding the appropriately versioned dependency as a direct library.

These steps fix a Timing Attack Via Comparison Function vulnerability in OrientDB Core version 2.1.9 in the example-java-maven repository.

To complete this task:

  1. Add this text to the pom.xml file in the root of the project:

    <dependency>
      <groupId>com.orientechnologies</groupId>
      <artifactId>orientdb-core</artifactId>
      <version>2.1.11</version>
    </dependency>
  2. Validate the fix.
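
One way to check locally that the override took effect is to confirm which orientdb-core version Maven now resolves. The script below is an added example, not part of the original page or the example-java-maven project: it parses text in the format printed by `mvn dependency:tree -Dincludes=com.orientechnologies:orientdb-core` and compares versions numerically. The sample output, the project coordinates, the `hypothetical-parent` artifact and all function names are assumptions made for illustration.

```python
import re

GROUP, ARTIFACT, FIXED = "com.orientechnologies", "orientdb-core", "2.1.11"

# Constructed dependency:tree output; the project and parent coordinates are made up.
BEFORE = r"""
[INFO] com.example:example-java-maven:jar:1.0-SNAPSHOT
[INFO] \- com.example:hypothetical-parent:jar:1.0.0:compile
[INFO]    \- com.orientechnologies:orientdb-core:jar:2.1.9:compile
"""
AFTER = r"""
[INFO] com.example:example-java-maven:jar:1.0-SNAPSHOT
[INFO] +- com.orientechnologies:orientdb-core:jar:2.1.11:compile
[INFO] \- com.example:hypothetical-parent:jar:1.0.0:compile
"""


def version_key(version):
    """Compare release numbers numerically; as strings, "2.1.9" sorts above "2.1.11".
    Simplification: qualifiers such as -SNAPSHOT are ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", version))


def resolved_versions(tree_output, group=GROUP, artifact=ARTIFACT):
    """Return every version of group:artifact that appears in the tree output."""
    found = []
    for line in tree_output.splitlines():
        for token in line.split():
            # Coordinates print as group:artifact:type[:classifier]:version:scope
            parts = token.split(":")
            if len(parts) in (5, 6) and parts[:2] == [group, artifact]:
                found.append(parts[-2])
    return found


def check_fix(tree_output, minimum=FIXED):
    """True only if the artifact is present and every resolved copy is >= minimum."""
    versions = resolved_versions(tree_output)
    ok = bool(versions) and all(version_key(v) >= version_key(minimum) for v in versions)
    return ok, versions


if __name__ == "__main__":
    for label, tree in (("before", BEFORE), ("after", AFTER)):
        print(label, check_fix(tree))
```

An empty result is reported as a failure, because it usually means the command was run in the wrong module or with the wrong filter rather than that the library is gone.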