We are using 9.6.1 version of SonarQube , we scanned our files in Veracode . In the report we got there was several vulnerabilities issues in many of the jar versions .
We found that even in the latest version of SonarQube these jars have older version which have vulnerabilities issues with severity of high and medium.
Could you please suggest how to resolve these vulnerabilities issues because we cannot directly update these from our end.
Below are the details :-
jar in current version
h2-2.1.212.jar
postgresql-42.4.0.jar
snakeyaml-1.30.jar
netty-codec-4.1.66.Final.jar
netty-codec-http-4.1.66.Final.jar
protobuf-java-3.21.0-rc-1.jar
netty-handler-4.1.66.Final.jar
jackson-dataformat-cbor-2.10.4.jar
jar version recommended
h2-2.1.214.jar
snakeyaml-1.33.jar
netty-codec-5.0.0.Alpha2.jar
netty-codec-http-5.0.0.Alpha2.jar
protobuf-java-4.0.0-rc-2.jar
netty-handler-5.0.0.Alpha2.jar
jackson-dataformat-cbor-2.14.0-rc2.jar