Vulnerable shared library might make mpos-sdk vulnerable. Can you help upgrade to patch versions?

Hi, @mbnakaya , @caiogaspar , I'd like to report a vulnerability issue in **br.com.moip:mpos-sdk:7.0.1**.
### Issue Description
**br.com.moip:mpos-sdk:7.0.1** directly or transitively depends on ***20*** C libraries (.so) cross many platforms(such as x86-64, x86, arm64, armhf). However, I noticed that one C library is vulnerable, containing the following CVEs:

`libthirdParty.so` from C project **openssl(version:1.0.2o)** exposed ***3*** vulnerabilities:
[CVE-2021-3712](https://nvd.nist.gov/vuln/detail/CVE-2021-3712), [CVE-2020-1968](https://nvd.nist.gov/vuln/detail/CVE-2020-1968), [CVE-2019-1552](https://nvd.nist.gov/vuln/detail/CVE-2019-1552)

### Suggested Vulnerability Patch Versions
***openssl*** has fixed the vulnerabilities in versions ***>=1.1.1l***

Java build tools cannot report vulnerable C libraries, which may induce potential security issues to many downstream Java projects.
Could you please upgrade the above shared libraries to their patch versions?

Thanks for your help~
Best regards,
Helen Parr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Vulnerable shared library might make mpos-sdk vulnerable. Can you help upgrade to patch versions? #144

Issue Description

Suggested Vulnerability Patch Versions

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Vulnerable shared library might make mpos-sdk vulnerable. Can you help upgrade to patch versions? #144

Description

Issue Description

Suggested Vulnerability Patch Versions

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions