Details
- Type: Bug
- Status: Closed
- Resolution: Done
- Other dev
Description
https://github.com/folio-org/mod-spring-sample has multiple security vulnerabilities in dependencies.
Either
- archive this repository (details: FOLIO-1838 and FOLIO-1710), or
- handle each vulnerability: update the dependency, or add a section to the README explaining, for each vulnerable dependency, why mod-spring-sample is not affected.
Dependencies with vulnerabilities:
- org.springframework:spring-beans@5.2.10.RELEASE Spring4Shell Remote Code Execution (RCE) https://nvd.nist.gov/vuln/detail/CVE-2022-22965
- net.minidev:json-smart@2.3 Denial of Service (DoS) https://nvd.nist.gov/vuln/detail/CVE-2021-27568
- com.fasterxml.jackson.core:jackson-databind@2.11.3 Denial of Service (DoS) https://nvd.nist.gov/vuln/detail/CVE-2020-36518
- org.apache.tomcat.embed:tomcat-embed-core@9.0.39 Denial of Service (DoS) https://nvd.nist.gov/vuln/detail/CVE-2021-41079
- org.apache.tomcat.embed:tomcat-embed-core@9.0.39 Remote Code Execution (RCE) https://nvd.nist.gov/vuln/detail/CVE-2021-25329
- org.glassfish:jakarta.el@3.0.3 Improper Input Validation https://nvd.nist.gov/vuln/detail/CVE-2021-28170
- com.h2database:h2@1.4.200 Remote Code Execution (RCE) https://nvd.nist.gov/vuln/detail/CVE-2022-23221
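Whichever option is chosen, the fix has to be verified against what Maven actually resolves, not what the POM declares, because all of the artifacts above arrive transitively. The following script is an added example written for this note, not code from the mod-spring-sample project: it takes the vulnerable coordinates exactly as listed in this issue, scans `mvn dependency:tree` output for them, and separates compile-time findings from test-scoped ones (a test-only dependency is not shipped in the module artifact, which is the kind of fact a README "not affected" section would state). The tree text below is constructed sample input, not output from the real project, and the module coordinates in it are assumed.

```python
import re

# Vulnerable coordinates and CVEs as listed in this issue (group, artifact, version) -> CVE(s)
VULNERABLE = {
    ("org.springframework", "spring-beans", "5.2.10.RELEASE"): "CVE-2022-22965",
    ("net.minidev", "json-smart", "2.3"): "CVE-2021-27568",
    ("com.fasterxml.jackson.core", "jackson-databind", "2.11.3"): "CVE-2020-36518",
    ("org.apache.tomcat.embed", "tomcat-embed-core", "9.0.39"): "CVE-2021-41079, CVE-2021-25329",
    ("org.glassfish", "jakarta.el", "3.0.3"): "CVE-2021-28170",
    ("com.h2database", "h2", "1.4.200"): "CVE-2022-23221",
}

# Constructed sample of `mvn dependency:tree` output; module name and scopes are assumed,
# not taken from the real mod-spring-sample build.
SAMPLE_TREE = """\
[INFO] org.folio:mod-spring-sample:jar:1.0.0-SNAPSHOT
[INFO] +- org.springframework.boot:spring-boot-starter-web:jar:2.3.5.RELEASE:compile
[INFO] |  +- org.springframework:spring-beans:jar:5.2.10.RELEASE:compile
[INFO] |  +- org.apache.tomcat.embed:tomcat-embed-core:jar:9.0.39:compile
[INFO] |  \\- org.glassfish:jakarta.el:jar:3.0.3:compile
[INFO] +- com.fasterxml.jackson.core:jackson-databind:jar:2.11.3:compile
[INFO] +- com.h2database:h2:jar:1.4.200:test
[INFO] \\- com.jayway.jsonpath:json-path:jar:2.4.0:test
[INFO]    \\- net.minidev:json-smart:jar:2.3:test
"""

# A tree line is "[INFO]", optional tree-drawing characters, then a Maven coordinate with
# 4 to 6 colon-separated fields: group:artifact:type[:classifier]:version[:scope]
_LINE = re.compile(r"^\[INFO\]\s*[|+\\\- ]*([A-Za-z0-9_.\-]+(?::[A-Za-z0-9_.\-]+){3,5})\s*$")


def parse_tree(tree_text):
    """Yield (group, artifact, version, scope) for every coordinate line in the tree output."""
    for line in tree_text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        parts = m.group(1).split(":")
        group, artifact = parts[0], parts[1]
        if len(parts) == 4:
            # root module line: group:artifact:type:version (no scope)
            version, scope = parts[3], None
        else:
            # dependency line: version and scope are always the last two fields
            version, scope = parts[-2], parts[-1]
        yield group, artifact, version, scope


def find_vulnerable(tree_text):
    """Return [(group:artifact:version, scope, cve)] for every resolved artifact still on the list."""
    findings = []
    for group, artifact, version, scope in parse_tree(tree_text):
        cve = VULNERABLE.get((group, artifact, version))
        if cve:
            findings.append((f"{group}:{artifact}:{version}", scope, cve))
    return findings


def runtime_only(findings):
    """Drop test-scoped findings: they are not packaged into the module artifact."""
    return [f for f in findings if f[1] != "test"]


if __name__ == "__main__":
    all_findings = find_vulnerable(SAMPLE_TREE)
    for coord, scope, cve in all_findings:
        print(f"{coord} ({scope}): {cve}")
    print(f"{len(runtime_only(all_findings))} of {len(all_findings)} findings are in non-test scope")
```

Run it against real output with `mvn dependency:tree > tree.txt` and pass the file contents to `find_vulnerable`; an empty result for the runtime-scope list is the condition to require before closing the issue with the "update the dependency" option, while anything left in test scope is a candidate for the README explanation instead.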
Issue Links
- relates to FOLIO-3469 mod-spring-sample POST /_/tenant fails with 404 Not found (Closed)