java security crlf-vulnerability

Java Vulnerability issues from external jar files


I need to fix the vulnerabilities found in my project using some scan tools. The problem I am having is that the vulnerabilities are in the external/third-party jar files, and they are already at the higher version. So, is there any approach to follow to fix these issues and get it fixed in the scan tool?


Solution

  • This problem has a very difficult solution.

    Sometimes you will unzip the jar and manually upgrade the vulnerable dependency, but this does not always work.

    Try to change the library; that's my best advice.
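
Before unzipping a jar or replacing the library, it helps to see which dependency versions the jar actually bundles, since those are what a scan tool matches against. The script below is an added example, not part of the original answer; it assumes the jars were built with Maven (which records each artifact under `META-INF/maven/.../pom.properties`), and the sample jar and its coordinates are constructed.

```python
import io
import zipfile

def _parse_properties(text):
    """Parse the key=value lines of a Maven pom.properties file."""
    pairs = (ln.split("=", 1) for ln in text.splitlines()
             if "=" in ln and not ln.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def bundled_dependencies(jar, prefix=""):
    """List (location, groupId, artifactId, version) for each Maven artifact in a jar."""
    found = []
    with zipfile.ZipFile(jar) as zf:
        for name in zf.namelist():
            if name.startswith("META-INF/maven/") and name.endswith("/pom.properties"):
                p = _parse_properties(zf.read(name).decode("utf-8", "replace"))
                found.append((prefix or "<top level>", p.get("groupId", "?"),
                              p.get("artifactId", "?"), p.get("version", "?")))
            elif name.endswith(".jar"):
                try:  # nested jar (fat-jar layout): scan it in memory
                    found += bundled_dependencies(io.BytesIO(zf.read(name)),
                                                  prefix + name + "!")
                except zipfile.BadZipFile:
                    pass  # entry is named .jar but is not a readable archive
    return sorted(found)

def build_sample_jar():
    """Constructed sample: a vendor jar that shades one library and nests another."""
    def jar_with(entries):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            for path, data in entries.items():
                zf.writestr(path, data)
        return buf.getvalue()
    def props(group, artifact, version):
        return f"#constructed\ngroupId={group}\nartifactId={artifact}\nversion={version}\n"
    inner = jar_with({"META-INF/maven/org.example/inner-lib/pom.properties":
                      props("org.example", "inner-lib", "1.2.0")})
    return io.BytesIO(jar_with({
        "META-INF/maven/com.example/vendor-sdk/pom.properties":
            props("com.example", "vendor-sdk", "4.0.1"),
        "META-INF/maven/org.example/shaded-lib/pom.properties":
            props("org.example", "shaded-lib", "2.3.4"),
        "lib/inner-lib.jar": inner,
    }))

if __name__ == "__main__":
    for row in bundled_dependencies(build_sample_jar()):
        print(*row, sep="  ")
```

To inspect a real file, pass its path to `bundled_dependencies` instead of the constructed sample.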