The below components are reported as vulnerabilities and need to be upgraded
|Component Name||Component Version|
The above package is vulnerable to Comparison Using Wrong Factors. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.
This is a test dependency, hence QPID broker is not vulnerable to the reported issue. Though, we need to upgrade the bouncycastle version in order to stop from being flagged by scanning tools