Update known vulnerabilities
piotr-yuxuan committed Feb 19, 2024
1 parent 8d33d0f commit 480cafb
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions doc/known-vulnerabilities.csv
@@ -1,4 +1,5 @@
DependencyName,DependencyPath,Description,License,Md5,Sha1,Identifiers,CPE,CVE,CWE,Vulnerability,Source,CVSSv2_Severity,CVSSv2_Score,CVSSv2,CVSSv3_BaseSeverity,CVSSv3_BaseScore,CVSSv3,CPE Confidence,Evidence Count,VendorProject,Product,Name,DateAdded,ShortDescription,RequiredAction,DueDate,Notes
commons-compress-1.21.jar,/home/runner/.m2/repository/org/apache/commons/commons-compress/1.21/commons-compress-1.21.jar,"Apache Commons Compress software defines an API for working with compression and archive formats. These include: bzip2, gzip, pack200, lzma, xz, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4, Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.",https://www.apache.org/licenses/LICENSE-2.0.txt,2a713d10331bc4e13459a3dc0463f16f,4ec95b60d4e86b5c95a0e919cb172a0af98011ef,pkg:maven/org.apache.commons/commons-compress@1.21,cpe:2.3:a:apache:commons_compress:1.21:*:*:*:*:*:*:*,CVE-2024-25710,CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop'),Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue.,OSSINDEX,,,,HIGH,8.100000381469727,CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H,HIGH,104,,,,,,,,
core.specs.alpha-0.2.62.jar,/home/runner/.m2/repository/org/clojure/core.specs.alpha/0.2.62/core.specs.alpha-0.2.62.jar,Specs for clojure.core,Eclipse Public License 1.0: http://opensource.org/licenses/eclipse-1.0.php,b1e37e6e8efdade6b7c2a4dd17c0d437,a2a7ea21a695561924bc8506f3feb5d8c8f894d5,pkg:maven/org.clojure/core.specs.alpha@0.2.62,cpe:2.3:a:clojure:clojure:0.2.62:*:*:*:*:*:*:*,CVE-2017-20189,CWE-502 Deserialization of Untrusted Data,"In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects.",NVD,,,,CRITICAL,9.8,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A,HIGH,17,,,,,,,,
jackson-databind-2.14.2.jar,/home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.14.2/jackson-databind-2.14.2.jar,General data-binding functionality for Jackson: works on core streaming API,"The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt",c1b12dd14734cd1986132bf55042dd7e,01e71fddbc80bb86f71a6345ac1e8ab8a00e7134,pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.14.2,"cpe:2.3:a:fasterxml:jackson-databind:2.14.2:*:*:*:*:*:*:*, cpe:2.3:a:fasterxml:jackson-modules-java8:2.14.2:*:*:*:*:*:*:*",CVE-2023-35116,CWE-770 Allocation of Resources Without Limits or Throttling,"jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.",NVD,,,,MEDIUM,4.7,CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.0/RC:R/MAV:A,HIGH,40,,,,,,,,
spec.alpha-0.3.218.jar,/home/runner/.m2/repository/org/clojure/spec.alpha/0.3.218/spec.alpha-0.3.218.jar,Specification of data and functions,Eclipse Public License 1.0: http://opensource.org/licenses/eclipse-1.0.php,ecdbb58e7a95163c1369ef9fa054013d,a7dad492f8d6cf657d82dcd6b31bda0899f1ac0e,pkg:maven/org.clojure/spec.alpha@0.3.218,cpe:2.3:a:clojure:clojure:0.3.218:*:*:*:*:*:*:*,CVE-2017-20189,CWE-502 Deserialization of Untrusted Data,"In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects.",NVD,,,,CRITICAL,9.8,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A,HIGH,26,,,,,,,,
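Review bot: the core.specs.alpha and spec.alpha rows look like CPE mismatches rather than real findings, and should not be carried as known vulnerabilities without a reason recorded. Both are matched to `cpe:2.3:a:clojure:clojure:0.2.62` / `cpe:2.3:a:clojure:clojure:0.3.218`, i.e. the spec library's own version is being treated as a Clojure version, while the CVE-2017-20189 description in the same row says it concerns Clojure before 1.9.0. Suppress the mismatched CPE in the scanner's suppression mechanism, or at minimum state the reason in the Notes column, which is empty in every row. The same goes for the jackson-databind row, whose own description records that the vendor disputes CVE-2023-35116. The commons-compress row is the one that warrants action: its description states 1.3 through 1.25.0 are affected and recommends 1.26.0, so the dependency should be upgraded rather than listed here; if the upgrade is deferred, the RequiredAction, DueDate and Notes columns are the place to record that decision.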

0 comments on commit 480cafb