Posted to dev@zookeeper.apache.org by "Damien Diederen (Jira)" <ji...@apache.org> on 2021/08/05 08:47:00 UTC

[jira] [Created] (ZOOKEEPER-4343) OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6

Damien Diederen created ZOOKEEPER-4343:
------------------------------------------

             Summary: OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6
                 Key: ZOOKEEPER-4343
                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4343
             Project: ZooKeeper
          Issue Type: Bug
          Components: server
    Affects Versions: 3.8.0
            Reporter: Damien Diederen
            Assignee: Damien Diederen


{noformat}
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '0,0': 
[ERROR] 
[ERROR] commons-io-2.6.jar: CVE-2021-29425
[ERROR] 
[ERROR] See the dependency-check report for more details.
{noformat}

The issue is fixed in release 2.7:
    
- https://nvd.nist.gov/vuln/detail/CVE-2021-29425
- https://issues.apache.org/jira/browse/IO-556
- https://issues.apache.org/jira/browse/IO-559
- https://commons.apache.org/proper/commons-io/changes-report.html#a2.7


