You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@pdfbox.apache.org by "XuCongying (Jira)" <ji...@apache.org> on 2020/03/01 12:14:00 UTC
[jira] [Created] (PDFBOX-4790) Found CVEs in your dependencies
XuCongying created PDFBOX-4790:
----------------------------------
Summary: Found CVEs in your dependencies
Key: PDFBOX-4790
URL: https://issues.apache.org/jira/browse/PDFBOX-4790
Project: PDFBox
Issue Type: Bug
Reporter: XuCongying
I noticed some of your libraries contained CVEs. I suggest a library update to avoid potential risks. Details are listed below:
Vulnerable Library Version: org.bouncycastle : bcmail-jdk15on : 1.59
CVE ID: [CVE-2018-1000613](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000613)
Import Path: debugger/pom.xml, app/pom.xml, pdfbox/pom.xml, debugger-app/pom.xml, examples/pom.xml, preflight/pom.xml, tools/pom.xml, preflight-app/pom.xml
Suggested Safe Versions: 1.60, 1.61, 1.62, 1.63, 1.64
Vulnerable Library Version: org.apache.lucene : lucene-core : 5.5.4
CVE ID: [CVE-2017-3163](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163)
Import Path: examples/pom.xml
Suggested Safe Versions: 6.4.1, 6.4.2, 6.5.0, 6.5.1, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 7.0.0, 7.0.1, 7.1.0, 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.5.0, 7.6.0, 7.7.0, 7.7.1, 7.7.2, 8.0.0, 8.1.0, 8.1.1, 8.2.0, 8.3.0, 8.3.1, 8.4.0, 8.4.1
Vulnerable Library Version: org.bouncycastle : bcprov-jdk15on : 1.59
CVE ID: [CVE-2018-1000613](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000613), [CVE-2018-5382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5382)
Import Path: app/pom.xml, pdfbox/pom.xml, debugger-app/pom.xml, preflight/pom.xml, preflight-app/pom.xml
Suggested Safe Versions: 1.60, 1.61, 1.62, 1.64
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: dev-help@pdfbox.apache.org