Hello there,
Blackduck scan found many CVE* vulnerabilities in SQLDeveloper 23.1 version on Mac arc (Mac Mini2).
icu4j.jar file is flagged for 55.1 version which has many vulnerabilities
woodstox-core-6.0.2.jar is also flagged for vulnerabilities.
Does any jar files or plugins included for Mozilla in SQLDeveloper product has we found version 4.0.1
Can someone please confirm that these products are packaged with SQLDeveloper and contain vulnerabilities? If so, how to remediate these?
Thanks,
Jaya Dara