You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@pdfbox.apache.org by "Andreas Lehmkühler (Jira)" <ji...@apache.org> on 2020/03/01 14:16:00 UTC

[jira] [Closed] (PDFBOX-4791) Found CVEs in your dependencies

     [ https://issues.apache.org/jira/browse/PDFBOX-4791?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andreas Lehmkühler closed PDFBOX-4791.
--------------------------------------
      Assignee: Andreas Lehmkühler
    Resolution: Duplicate

Duplicate of PDFBOX-4790

> Found CVEs in your dependencies
> -------------------------------
>
>                 Key: PDFBOX-4791
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-4791
>             Project: PDFBox
>          Issue Type: Bug
>            Reporter: XuCongying
>            Assignee: Andreas Lehmkühler
>            Priority: Major
>
> I noticed some of your libraries contained CVEs. I suggest a library update to avoid potential risks. Details are listed below:
>  Vulnerable Library Version: org.bouncycastle : bcmail-jdk15on : 1.59
>   CVE ID: [CVE-2018-1000613](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000613)
>   Import Path: debugger/pom.xml, app/pom.xml, pdfbox/pom.xml, debugger-app/pom.xml, examples/pom.xml, preflight/pom.xml, tools/pom.xml, preflight-app/pom.xml
>   Suggested Safe Versions: 1.60, 1.61, 1.62, 1.63, 1.64
>  
> Vulnerable Library Version: org.apache.lucene : lucene-core : 5.5.4
>   CVE ID: [CVE-2017-3163](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163)
>   Import Path: examples/pom.xml
>   Suggested Safe Versions: 6.4.1, 6.4.2, 6.5.0, 6.5.1, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 7.0.0, 7.0.1, 7.1.0, 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.5.0, 7.6.0, 7.7.0, 7.7.1, 7.7.2, 8.0.0, 8.1.0, 8.1.1, 8.2.0, 8.3.0, 8.3.1, 8.4.0, 8.4.1
>  
> Vulnerable Library Version: org.bouncycastle : bcprov-jdk15on : 1.59
>   CVE ID: [CVE-2018-1000613](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000613), [CVE-2018-5382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5382)
>   Import Path: app/pom.xml, pdfbox/pom.xml, debugger-app/pom.xml, preflight/pom.xml, preflight-app/pom.xml
>   Suggested Safe Versions: 1.60, 1.61, 1.62, 1.64



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: dev-help@pdfbox.apache.org