We are starting to examine the use of SonarQube in our organization (a bank).
We already have the 6.1 version and we want to upgrade it.
When we tried to insert the 7.2.1 version package into the bank network, we got the following information from our security team:
- Threat name: Exploit.CVE.JS.3486
- File: sonarqube-7.2.1.zip\sonarqube-7.2.1\lib\common\hazelcast-3.8.6.jar\com\hazelcast\client\impl\protocol\DefaultMessageTaskFactoryProvider$228.class
We currently cannot insert it into our organization because the security team is blocking us.
Can you please share your thoughts about this issue?