I'm dealing with some NexusIQ reports about "Highest Policy Threat" and "Security Violation Threat" when upgrading to org.springframework:spring-web@5.3.22, which is the version used under org.springframework.boot:spring-boot-starter-web:2.7.3.
Here is an image of the report for these dependencies:

It looks like even the latest version of the spring-web library has the same issue (see the picture). I have done some research, and according to Snyk, the current version that I'm using has no direct vulnerabilities.
- Any idea which one is wrong?
- Am I interpreting these reports in the wrong way?
- How can I solve this issue in case the NexusIQ report is correct?