You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@kylin.apache.org by "longfeiJiang (Jira)" <ji...@apache.org> on 2023/02/02 10:49:00 UTC

[jira] [Created] (KYLIN-5408) Fix new critical-risk vulnerability CVE-2022-37866 / SNYK-JAVA-ORGAPACHEIVY-3106014

longfeiJiang created KYLIN-5408:
-----------------------------------

             Summary: Fix new critical-risk vulnerability CVE-2022-37866 / SNYK-JAVA-ORGAPACHEIVY-3106014
                 Key: KYLIN-5408
                 URL: https://issues.apache.org/jira/browse/KYLIN-5408
             Project: Kylin
          Issue Type: Bug
    Affects Versions: 5.0-alpha
            Reporter: longfeiJiang
             Fix For: 5.0-alpha


[!https://snyk.io/favicon.png!Directory Traversal in org.apache.ivy:ivy | CVE-2022-37866 | Snyk|https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEIVY-3106929]

[!https://snyk.io/favicon.png!Directory Traversal in org.apache.ivy:ivy | CVE-2022-37865 | Snyk|https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEIVY-3106014]
h2. How to fix?

Upgrade {{org.apache.ivy:ivy}} to version 2.5.1 or higher.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)