Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2021/01/27 19:30:07 UTC

[GitHub] [pulsar] GLouMcK opened a new issue #9347: Security Vulnerabilities - Black Duck Scan

GLouMcK opened a new issue #9347:
URL: https://github.com/apache/pulsar/issues/9347


   Black Duck, a product by Synopsys that scans for open source security threats, uncovered a few issues in the Docker image in repository apachepulsar/pulsar-all for tag 2.7.0.
   
   The vulnerabilities reported were:
   CVE-2018-8088 - org.slf4j.ext.EventData in the slf4j-ext module allows remote attackers to bypass intended access restrictions via crafted data.
   CVE-2019-17638 - In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. 
   CVE-2017-1000487 - Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.
   
   If I can provide any further details please let me know.
   
   Thanks!
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org
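
A first triage pass for a report like the one above, as an added example that is not part of the issue or of the Pulsar project: it matches jar file names from an image's library directory against the version ranges quoted in the report. Matching on file names is an assumption, the listing is constructed, and because the report gives no version range for CVE-2018-8088, slf4j-ext is only surfaced for manual review.

```python
import re

# artifact name, numeric version, optional qualifier such as ".v20200521" or "-jre"
JAR_RE = re.compile(
    r"^(?P<name>[A-Za-z][\w.-]*?)-(?P<ver>\d+(?:\.\d+)*)(?P<qual>[.-][\w.-]+)?\.jar$")

def parse_jar(filename):
    """Split 'jetty-server-9.4.29.v20200521.jar' into ('jetty-server', (9, 4, 29))."""
    m = JAR_RE.match(filename)
    if not m:
        return None
    return m.group("name"), tuple(int(p) for p in m.group("ver").split("."))

# (CVE, artifact predicate, version predicate); ranges are those quoted in the report.
RULES = [
    ("CVE-2019-17638", lambda n: "jetty" in n,
     lambda v: (9, 4, 27) <= v[:3] <= (9, 4, 29)),
    ("CVE-2017-1000487", lambda n: n.endswith("plexus-utils"),
     lambda v: v < (3, 0, 16)),
    ("CVE-2018-8088", lambda n: n.endswith("slf4j-ext"), None),  # no range on the page
]

def triage(filenames):
    """Return sorted (cve, filename, status) tuples for jars that match a rule."""
    findings = []
    for fn in filenames:
        parsed = parse_jar(fn)
        if parsed is None:
            continue  # not a versioned jar
        name, ver = parsed
        for cve, match_name, in_range in RULES:
            if not match_name(name):
                continue
            if in_range is None:
                findings.append((cve, fn, "review"))
            elif in_range(ver):
                findings.append((cve, fn, "affected"))
    return sorted(findings)

# Constructed listing, not taken from the actual pulsar-all image.
SAMPLE = [
    "org.eclipse.jetty-jetty-server-9.4.29.v20200521.jar",
    "jetty-util-9.4.35.v20201120.jar",
    "plexus-utils-3.0.15.jar",
    "plexus-utils-3.0.16.jar",
    "slf4j-ext-1.7.25.jar",
    "slf4j-api-1.7.25.jar",
    "README.txt",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding)
```

File-name matching does not see classes repackaged inside shaded or fat jars, which a scanner may still report.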



[GitHub] [pulsar] codelipenghui closed issue #9347: Security Vulnerabilities - Black Duck Scan

Posted by GitBox <gi...@apache.org>.
codelipenghui closed issue #9347:
URL: https://github.com/apache/pulsar/issues/9347


   





[GitHub] [pulsar] codelipenghui commented on issue #9347: Security Vulnerabilities - Black Duck Scan

Posted by GitBox <gi...@apache.org>.
codelipenghui commented on issue #9347:
URL: https://github.com/apache/pulsar/issues/9347#issuecomment-768766864


   @GLouMcK I think there are a couple of CVE-related fixes in the master branch. Could you please check if the problem is still in the master branch?





[GitHub] [pulsar] codelipenghui commented on issue #9347: Security Vulnerabilities - Black Duck Scan

Posted by GitBox <gi...@apache.org>.
codelipenghui commented on issue #9347:
URL: https://github.com/apache/pulsar/issues/9347#issuecomment-788926646


   Close this issue first since there has been no update for a long time.

