This repository has been archived by the owner on Mar 30, 2022. It is now read-only.

3 critical CVSS even after upgrade to latest (1.7.7.1) #140

Open
uCatu opened this issue Sep 23, 2021 · 1 comment

Comments


uCatu commented Sep 23, 2021

Hi all,
We are running OWASP dependency checker and got 3 critical CVSS:

istio-common:1.7.7.1 | Istio Before 1.8.6 and 1.9.x Before 1.9.5 Contains a Remotely Exploitable Vulnerability Where an External Client Can Access Unexpected Services in the Cluster, Bypassing Authorization Checks, When a Gateway Is Configured With AUTO_PASSTHROUGH Routing Configuration.(in istio-common-1.7.7.1.jar)
Location                  Component Name            Component Version  Group
istio-common-1.7.7.1.jar  me.snowdrop:istio-common  1.7.7.1            N
862 CVE-2021-31921
Mitigation
Update me.snowdrop:istio-common:1.7.7.1 to at least the version recommended in the description

What is your recommendation to solve this?
Thanks!

FWiesner (Contributor) commented Oct 5, 2021

The CVEs you refer to are for Istio itself. This library here is "just" a client to the Istio custom resources. It seems the detection configuration in the OWASP rule set leads to a false positive. This project cannot do anything about it.
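One way to handle the false positive the comment above describes, as an added example that is not part of this issue thread or of the project's own code: an OWASP Dependency-Check suppression file that drops the Istio CPE identification for the me.snowdrop:istio-common artifact. Suppressing the CPE match (rather than listing CVE-2021-31921 alone) clears every Istio-control-plane CVE attached to this jar while leaving any finding against the library's own identity visible. The file name and the exact CPE string (cpe:/a:istio:istio) are assumptions; confirm the CPE against the identifier column of your own report before relying on it.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- dependency-check-suppressions.xml (file name assumed) -->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
  <suppress>
    <notes><![CDATA[
      False positive: me.snowdrop:istio-common is a Java client for the Istio
      custom resources, not the Istio control plane or proxy. The name-based
      match to the istio:istio CPE attaches CVEs such as CVE-2021-31921 that
      apply to Istio itself (see issue #140 in the snowdrop istio-java-api repo).
      Suppressing the CPE, not individual CVEs, removes the whole
      mis-identification without hiding findings against the jar's real CPE.
    ]]></notes>
    <!-- Scope the rule to this one artifact. The version is left open because
         the mis-identification is by artifact name, so it recurs on upgrade. -->
    <packageUrl regex="true">^pkg:maven/me\.snowdrop/istio\-common@.*$</packageUrl>
    <!-- CPE value assumed; take the exact string from the report's identifiers. -->
    <cpe>cpe:/a:istio:istio</cpe>
  </suppress>
</suppressions>
```

Pass the file to the scanner with the CLI's --suppression option (or the equivalent suppressionFile setting of the Maven/Gradle plugin); if the other two findings come from sibling me.snowdrop istio artifacts, widen the packageUrl regex to cover them rather than adding a rule per CVE.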
