You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@geode.apache.org by "Alexander Murmann (Jira)" <ji...@apache.org> on 2022/09/01 17:04:00 UTC
[jira] [Updated] (GEODE-10415) CVEs detected in latest geode
[ https://issues.apache.org/jira/browse/GEODE-10415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alexander Murmann updated GEODE-10415:
--------------------------------------
Labels: needsTriage (was: )
> CVEs detected in latest geode
> -----------------------------
>
> Key: GEODE-10415
> URL: https://issues.apache.org/jira/browse/GEODE-10415
> Project: Geode
> Issue Type: Bug
> Affects Versions: 1.15.0
> Reporter: Shruti
> Priority: Major
> Labels: needsTriage
>
> We are detecting the following CVEs with geode
> 💥 High or critical vulnerabilities: 21
> The spring-core is likely Not Affected. But we would like to know about the rest of these listed CVEs. Any info is appreciated
>
> {{NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
> jetty-security 9.4.46.v20220331 java-archive CVE-2022-2048 High
> jetty-server 9.4.46.v20220331 java-archive CVE-2022-2048 High
> jetty-servlet 9.4.46.v20220331 java-archive CVE-2022-2048 High
> jetty-util 9.4.46.v20220331 java-archive CVE-2022-2048 High
> jetty-util-ajax 9.4.46.v20220331 java-archive CVE-2022-2048 High
> jetty-webapp 9.4.46.v20220331 java-archive CVE-2022-2048 High
> jetty-xml 9.4.46.v20220331 java-archive CVE-2022-2048 High
> jgroups 3.6.14.Final 4.0.0 java-archive GHSA-rc7h-x6cq-988q Critical
> shiro-cache 1.9.0 java-archive CVE-2022-32532 Critical
> shiro-config-core 1.9.0 java-archive CVE-2022-32532 Critical
> shiro-config-ogdl 1.9.0 java-archive CVE-2022-32532 Critical
> shiro-core 1.9.0 1.9.1 java-archive GHSA-4cf5-xmhp-3xj7 Critical
> shiro-core 1.9.0 java-archive CVE-2022-32532 Critical
> shiro-crypto-cipher 1.9.0 java-archive CVE-2022-32532 Critical
> shiro-crypto-core 1.9.0 java-archive CVE-2022-32532 Critical
> shiro-crypto-hash 1.9.0 java-archive CVE-2022-32532 Critical
> shiro-event 1.9.0 java-archive CVE-2022-32532 Critical
> shiro-lang 1.9.0 java-archive CVE-2022-32532 Critical
> spring-core 5.3.20 java-archive CVE-2016-1000027 Critical
> jetty-http 9.4.46.v20220331 java-archive CVE-2022-2048 High
> jetty-io 9.4.46.v20220331 java-archive CVE-2022-2048 High}}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)