folio-spring-base / FOLSPRINGB-53

Upgrade rhino and plexus-utils (CVE-2017-1000487)


Details

    • Spring Force
    • TBD

    Description

      Upgrade dependencies that have vulnerabilities:

      Upgrade org.mozilla:rhino from 1.7.7.2 to 1.7.14 fixing XML External Entity (XXE) Injection: https://app.snyk.io/vuln/SNYK-JAVA-ORGMOZILLA-1314295

      Upgrade org.apache.maven:maven-compat from 3.5.0 to 3.8.5. This indirectly upgrades org.codehaus.plexus:plexus-utils from 1.5.8 to 3.3.0 fixing Shell Command Injection https://nvd.nist.gov/vuln/detail/CVE-2017-1000487, XML External Entity (XXE) Injection https://app.snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-461102, Directory Traversal https://app.snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31521
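
      Because plexus-utils only arrives transitively through maven-compat, the resolved tree is worth checking after the upgrade. The following is an added example, not code from this ticket or from folio-spring-base: it scans `mvn dependency:tree` output for the two artifacts named above and flags any version below the one this ticket upgrades to. The sample tree (including the `org.example:app` root) is constructed, and using the ticket's target versions as the minimum is an assumption.

```python
import re

# Thresholds are the versions this ticket upgrades to (assumed minimum safe versions).
MIN_VERSIONS = {
    "org.mozilla:rhino": "1.7.14",
    "org.codehaus.plexus:plexus-utils": "3.3.0",
}

# Constructed sample of `mvn dependency:tree` output (not taken from the project).
SAMPLE_TREE = """\
[INFO] org.example:app:jar:0.0.1
[INFO] +- org.mozilla:rhino:jar:1.7.7.2:compile
[INFO] \\- org.apache.maven:maven-compat:jar:3.5.0:compile
[INFO]    +- org.codehaus.plexus:plexus-utils:jar:1.5.8:compile
[INFO]    \\- org.apache.maven:maven-model:jar:3.5.0:compile
"""

# A Maven coordinate at the end of a line: 4 to 6 colon-separated fields.
COORD = re.compile(r"([\w.\-]+(?::[\w.\-]+){3,5})\s*$")


def version_key(version):
    """Turn '1.7.7.2' or '3.3.0-SNAPSHOT' into a comparable tuple of ints."""
    return tuple(int(n) for n in re.findall(r"\d+", version.split("-")[0]))


def parse_tree(text):
    """Yield (group:artifact, version) for every node in the tree output."""
    for line in text.splitlines():
        match = COORD.search(line)
        if not match:
            continue
        parts = match.group(1).split(":")
        # group:artifact:type:version[:scope]; six fields means a classifier
        # sits between type and version.
        version = parts[4] if len(parts) == 6 else parts[3]
        yield f"{parts[0]}:{parts[1]}", version


def outdated(text, minimums=MIN_VERSIONS):
    """Return [(coordinate, found, required)] for nodes below the minimum."""
    hits = []
    for coord, version in parse_tree(text):
        required = minimums.get(coord)
        if required and version_key(version) < version_key(required):
            hits.append((coord, version, required))
    return hits


if __name__ == "__main__":
    for coord, found, required in outdated(SAMPLE_TREE):
        print(f"{coord} {found} is below {required}")
```

      Run against real output by piping `mvn dependency:tree` into a file and passing its contents to `outdated()`; an empty list means both artifacts resolve at or above the target versions.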

            People

              psmagin Pavlo Smahin
              julianladisch Julian Ladisch