Uploaded image for project: 'FOLIO'
  1. FOLIO
  2. FOLIO-3458

spring-module-core: postgresql Remote Code Execution (CVE-2022-21724)

    XMLWordPrintable

Details

    • None
    • TBD

    Description

      https://github.com/folio-org/spring-module-core uses org.postgresql:postgresql@42.2.23 JDBC driver: https://github.com/folio-org/spring-module-core/blob/main/domain/pom.xml#L49-L52

      org.postgresql:postgresql version before 42.2.25 and before 42.3.2 are vulnerable to Remote Code Execution (RCE) when using certain plugin features: https://nvd.nist.gov/vuln/detail/CVE-2022-21724

      TestRail: Results

        Attachments

          Issue Links

            relates to

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. FOLIO-3389 Upgrade spring-module-core to Spring Boot 2.6

            • P2 - normal priority level, must be included in the current development cycle
            • Closed

            Tech Debt - FOLIO-3456 Test coverage for spring-module-core, mod-workflow, mod-camunda, mod-spring-sample

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Open

            Activity

              People

                wwelling William Welling
                julianladisch Julian Ladisch
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  TestRail: Runs

                    TestRail: Cases