My mule application is built using Mule Runtime 4.4.0. In the
pom.xml of the application, I have specified the
<dependency> <groupId>org.mule.connectors</groupId> <artifactId>mule-http-connector</artifactId> <version>1.7.3</version> <classifier>mule-plugin</classifier> </dependency>
To check for any vulnerabilities, I am using the OWASP Dependency-Check plugin with the following command:
The dependency-check HTML report generated by this plugin shows
mule-module-cors-kernel-1.1.2.jar as a vulnerable dependency which is a transitive dependency of
The following vulnerabilities were identified:
I am not sure if these vulnerabilities apply to Mule Runtime 4.4.0. Is the report generated by the OWASP Dependency-Check tool a false positive? If the vulnerability is valid, what measures should be taken to fix it?