Sonar scanner CLI vulnerability

Hello, it seems the Scanner CLI has a vulnerability in one of the packages it uses.

Our Twistlock scan detects the following:
package com.squareup.okhttp3_okhttp_3.14.2 - fixed in 4.9.2

Using the latest version 4.7.0.2747 from GitHub - SonarSource/sonar-scanner-cli: Scanner CLI for SonarQube and SonarCloud

I don’t see a direct reference to that package in the source, do you know how it could be fixed?

Thanks

Hey there.

Take a look at this thread:

1 Like