Dependencies Vulnerabilities Sonarqube Community 9.9

Hello team,

We had a security scan on 9.9 LTS version of sonarqube community and returned CVE-2022-45688.

Could you please confirm whether Sonarqube is affected by CVE-2022-45688 and if so, are there plans to update the affected depenedencies?

Hey there.

CVE-2022-45688 - The vulnerable method is not used in SonarQube - Not vulnerable. We will update the dependency anyways in SonarQube 10.1.

In the future, our responsible disclosure policy asks that you email rather than making public posts.