You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zookeeper.apache.org by "Damien Diederen (Jira)" <ji...@apache.org> on 2021/08/05 08:47:00 UTC
[jira] [Created] (ZOOKEEPER-4343) OWASP Dependency-Check fails with
CVE-2021-29425, commons-io-2.6
Damien Diederen created ZOOKEEPER-4343:
------------------------------------------
Summary: OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6
Key: ZOOKEEPER-4343
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4343
Project: ZooKeeper
Issue Type: Bug
Components: server
Affects Versions: 3.8.0
Reporter: Damien Diederen
Assignee: Damien Diederen
{noformat}
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '0,0':
[ERROR]
[ERROR] commons-io-2.6.jar: CVE-2021-29425
[ERROR]
[ERROR] See the dependency-check report for more details.
{noformat}
The issue is fixed in release 2.7:
- https://nvd.nist.gov/vuln/detail/CVE-2021-29425
- https://issues.apache.org/jira/browse/IO-556
- https://issues.apache.org/jira/browse/IO-559
- https://commons.apache.org/proper/commons-io/changes-report.html#a2.7
--
This message was sent by Atlassian Jira
(v8.3.4#803005)