You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@pdfbox.apache.org by "Andreas Lehmkühler (Jira)" <ji...@apache.org> on 2020/03/01 14:16:00 UTC
[jira] [Closed] (PDFBOX-4791) Found CVEs in your dependencies
[ https://issues.apache.org/jira/browse/PDFBOX-4791?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andreas Lehmkühler closed PDFBOX-4791.
--------------------------------------
Assignee: Andreas Lehmkühler
Resolution: Duplicate
Duplicate of PDFBOX-4790
> Found CVEs in your dependencies
> -------------------------------
>
> Key: PDFBOX-4791
> URL: https://issues.apache.org/jira/browse/PDFBOX-4791
> Project: PDFBox
> Issue Type: Bug
> Reporter: XuCongying
> Assignee: Andreas Lehmkühler
> Priority: Major
>
> I noticed some of your libraries contained CVEs. I suggest a library update to avoid potential risks. Details are listed below:
> Vulnerable Library Version: org.bouncycastle : bcmail-jdk15on : 1.59
> CVE ID: [CVE-2018-1000613](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000613)
> Import Path: debugger/pom.xml, app/pom.xml, pdfbox/pom.xml, debugger-app/pom.xml, examples/pom.xml, preflight/pom.xml, tools/pom.xml, preflight-app/pom.xml
> Suggested Safe Versions: 1.60, 1.61, 1.62, 1.63, 1.64
>
> Vulnerable Library Version: org.apache.lucene : lucene-core : 5.5.4
> CVE ID: [CVE-2017-3163](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163)
> Import Path: examples/pom.xml
> Suggested Safe Versions: 6.4.1, 6.4.2, 6.5.0, 6.5.1, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 7.0.0, 7.0.1, 7.1.0, 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.5.0, 7.6.0, 7.7.0, 7.7.1, 7.7.2, 8.0.0, 8.1.0, 8.1.1, 8.2.0, 8.3.0, 8.3.1, 8.4.0, 8.4.1
>
> Vulnerable Library Version: org.bouncycastle : bcprov-jdk15on : 1.59
> CVE ID: [CVE-2018-1000613](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000613), [CVE-2018-5382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5382)
> Import Path: app/pom.xml, pdfbox/pom.xml, debugger-app/pom.xml, preflight/pom.xml, preflight-app/pom.xml
> Suggested Safe Versions: 1.60, 1.61, 1.62, 1.64
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: dev-help@pdfbox.apache.org