You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2018/10/29 13:16:51 UTC

[GitHub] javabeanz opened a new issue #2882: security vulnerabilties in 3rd party components

javabeanz opened a new issue #2882: security vulnerabilties in 3rd party components
URL: https://github.com/apache/pulsar/issues/2882
 
 
   mvn com.redhat.victims.maven:security-versions:check reveals many vulns, especially for jakscon and commons libs :
   [ERROR] jline:jline is vulnerable to CVE-2013-2035
   [ERROR] com.fasterxml.jackson.core:jackson-databind is vulnerable to CVE-2017-17485
   [ERROR] com.fasterxml.jackson.core:jackson-databind is vulnerable to CVE-2017-7525
   [ERROR] com.fasterxml.jackson.core:jackson-databind is vulnerable to CVE-2018-5968
   [ERROR] commons-collections:commons-collections is vulnerable to CVE-2015-7501
   [ERROR] commons-beanutils:commons-beanutils is vulnerable to CVE-2014-0114
   [INFO] Analyzing the dependencies for org.apache.pulsar.tests:tests-parent
   [ERROR] jline:jline is vulnerable to CVE-2013-2035
   [ERROR] com.fasterxml.jackson.core:jackson-databind is vulnerable to CVE-2017-17485
   [ERROR] com.fasterxml.jackson.core:jackson-databind is vulnerable to CVE-2017-7525
   [ERROR] com.fasterxml.jackson.core:jackson-databind is vulnerable to CVE-2018-5968
   [ERROR] commons-collections:commons-collections is vulnerable to CVE-2015-7501
   [ERROR] commons-beanutils:commons-beanutils is vulnerable to CVE-2014-0114
   [INFO] Analyzing the dependencies for org.apache.pulsar:pulsar
   [ERROR] jline:jline is vulnerable to CVE-2013-2035
   [ERROR] com.fasterxml.jackson.core:jackson-databind is vulnerable to CVE-2017-17485
   [ERROR] com.fasterxml.jackson.core:jackson-databind is vulnerable to CVE-2017-7525
   [ERROR] com.fasterxml.jackson.core:jackson-databind is vulnerable to CVE-2018-5968
   [ERROR] commons-collections:commons-collections is vulnerable to CVE-2015-7501
   [ERROR] commons-beanutils:commons-beanutils is vulnerable to CVE-2014-0114
   
   
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services