How to fix vulnerability warning for 'rest-assured' dependency?

Answered

Created July 20, 2025 05:17

Hi everyone,

I'm working on a Maven project in IntelliJ IDEA and having trouble properly setting up RestAssured as a test dependency.

My current is:

<dependency>
  <groupId>io.rest-assured</groupId>
  <artifactId>rest-assured</artifactId>
  <version>5.4.0</version>
</dependency>

IntelliJ is showing this vulnerability warning:

WS-2019-0379 | Transitive Input Validation

I’ve tried a lot of things and also using other RestAssured versions (like 5.3.0, 5.2.0) and also added Groovy manually to address transitive dependency issues:

<dependency>
  <groupId>org.codehaus.groovy</groupId>
  <artifactId>groovy</artifactId>
  <version>2.4.21</version> <!-- Safe version -->
</dependency>

But the problem persists. Please let me know if you have any ideas or suggestions.

Thanks in advance!

1 comment

Arina Efremova

Created July 21, 2025 11:09

Hi Emma,

The rest-assured dependency that you are using provides the following transitive dependencies:

commons-codec:commons-codec version 1.11
org.apache.commons:commons-lang3 version 3.11

Each of these dependencies has a known security vulnerability:

WS-2019-0379 says that the commons-codec dependency should be at least of version 1.13-RC1 to avoid this issue.
CVE-2025-48924 says that the commons-lang dependency needs to be at least version 3.18.0

With that in mind, you can manually add higher versions of the transient dependencies to your pom.xml (and reload the project in the Maven tool window) in order for Maven to use them and for the warning to go away:

        <dependency>
            <groupId>commons-codec</groupId>
            <artifactId>commons-codec</artifactId>
            <version>1.15</version>
        </dependency>

        <dependency>
            <groupId>org.apache.commons</groupId>
            <artifactId>commons-lang3</artifactId>
            <version>3.18.0</version>
        </dependency>

Please sign in to leave a comment.