CVE-2022-24329 - through Kotlin 1.5.21 dependency #502
Replies: 1 comment 1 reply
-
|
This project is not being worked on, so there will be no updates right now. If and when development resumes, the Kotlin version will be updated to the latest. That CVE only affects Kotlin builds that include a JS target. This project is JVM/Android only and is unaffected. Moreover, our selected Kotlin stdlib version does not influence the Kotlin Gradle plugin version (where the problem exists) in downstream projects, as they must declare that dependency on their own. |
Beta Was this translation helpful? Give feedback.
-
|
Thank you for replying!.. and more so with the fact it isn't worked on. Your explanation helps with mitigating efforts. |
Beta Was this translation helpful? Give feedback.
-
When could the dependencies of this project be reviewed for security vulnerabilities? Kotlin 1.5 has a medium severity vulnerability:
https://nvd.nist.gov/vuln/detail/CVE-2022-24329
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24329
Beta Was this translation helpful? Give feedback.
All reactions