Posted to server-dev@james.apache.org by "René Cordier (Jira)" <se...@james.apache.org> on 2020/02/03 07:43:00 UTC
[jira] [Updated] (JAMES-3033) Vulnerability found in dependency com.puppycrawl.tools:checkstyle
[ https://issues.apache.org/jira/browse/JAMES-3033?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
René Cordier updated JAMES-3033:
--------------------------------
Description:
Due to an incomplete fix for [CVE-2019-9658|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9658], checkstyle is still vulnerable to XML External Entity (XXE) Processing, thus ending up with this [CWE-611: Improper Restriction of XML External Entity Reference|https://cwe.mitre.org/data/definitions/611.html].
We need to fix it ASAP by upgrading it from version 8.23 to 8.29.
was:
A vulnerability issue has been found in com.puppycrawl.tools:checkstyle : https://github.com/linagora/james-project/network/alert/pom.xml/com.puppycrawl.tools:checkstyle/open
We need to fix it ASAP by upgrading it from version 8.23 to 8.29.
> Vulnerability found in dependency com.puppycrawl.tools:checkstyle
> -----------------------------------------------------------------
>
> Key: JAMES-3033
> URL: https://issues.apache.org/jira/browse/JAMES-3033
> Project: James Server
> Issue Type: Improvement
> Reporter: René Cordier
> Priority: Major
> Labels: security
>
> Due to an incomplete fix for [CVE-2019-9658|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9658], checkstyle is still vulnerable to XML External Entity (XXE) Processing, thus ending up with this [CWE-611: Improper Restriction of XML External Entity Reference|https://cwe.mitre.org/data/definitions/611.html].
> We need to fix it ASAP by upgrading it from version 8.23 to 8.29.