Uploaded image for project: 'FOLIO'
  1. FOLIO
  2. FOLIO-3457

spring-module-core: h2database:h2 Remote Code Execution (CVE-2022-23221)

    XMLWordPrintable

Details

    • None
    • TBD

    Description

      https://github.com/folio-org/spring-module-core uses com.h2database:h2@1.4.200: [ https://github.com/folio-org/spring-module-core/blob/main/domain/pom.xml#L44-L47|https://github.com/folio-org/spring-module-core/blob/main/domain/pom.xml#L44-L47]

      H2 before 2.1.210 allows remote attackers to execute arbitrary code: https://nvd.nist.gov/vuln/detail/CVE-2022-23221

      TestRail: Results

        Attachments

          Issue Links

            relates to

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. FOLIO-3389 Upgrade spring-module-core to Spring Boot 2.6

            • P2 - normal priority level, must be included in the current development cycle
            • Closed

            Tech Debt - FOLIO-3456 Test coverage for spring-module-core, mod-workflow, mod-camunda, mod-spring-sample

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Open

            Activity

              People

                wwelling William Welling
                julianladisch Julian Ladisch
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  TestRail: Runs

                    TestRail: Cases