You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Michael Osipov (Jira)" <ji...@apache.org> on 2021/08/12 20:09:00 UTC
[jira] [Commented] (FILEUPLOAD-339) OWASP - Dependency-Check found
vulnerable dependencies.
[ https://issues.apache.org/jira/browse/FILEUPLOAD-339?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17398268#comment-17398268 ]
Michael Osipov commented on FILEUPLOAD-339:
-------------------------------------------
The CVE is about Commons Compress and not IO. They are not related.
> OWASP - Dependency-Check found vulnerable dependencies.
> -------------------------------------------------------
>
> Key: FILEUPLOAD-339
> URL: https://issues.apache.org/jira/browse/FILEUPLOAD-339
> Project: Commons FileUpload
> Issue Type: Bug
> Affects Versions: 1.4
> Reporter: Paulo Machado
> Priority: Major
>
> Hi guys,
> We have a vulnerability when we use commons-io 2.2:
> [https://nvd.nist.gov/vuln/detail/CVE-2021-35515]
> Could you update it for the latest one, please?
> Thank you!
--
This message was sent by Atlassian Jira
(v8.3.4#803005)