You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@commons.apache.org by "Michael Osipov (Jira)" <ji...@apache.org> on 2021/08/12 20:09:00 UTC

[jira] [Commented] (FILEUPLOAD-339) OWASP - Dependency-Check found vulnerable dependencies.

    [ https://issues.apache.org/jira/browse/FILEUPLOAD-339?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17398268#comment-17398268 ] 

Michael Osipov commented on FILEUPLOAD-339:
-------------------------------------------

The CVE is about Commons Compress and not IO. They are  not related. 

> OWASP - Dependency-Check found vulnerable dependencies.
> -------------------------------------------------------
>
>                 Key: FILEUPLOAD-339
>                 URL: https://issues.apache.org/jira/browse/FILEUPLOAD-339
>             Project: Commons FileUpload
>          Issue Type: Bug
>    Affects Versions: 1.4
>            Reporter: Paulo Machado
>            Priority: Major
>
> Hi guys,
> We have a vulnerability when we use commons-io 2.2:
> [https://nvd.nist.gov/vuln/detail/CVE-2021-35515]
> Could you update it for the latest one, please?
> Thank you!



--
This message was sent by Atlassian Jira
(v8.3.4#803005)