Posted to issues@ambari.apache.org by "Robert Levas (JIRA)" <ji...@apache.org> on 2018/08/07 18:39:00 UTC

[jira] [Created] (AMBARI-24415) Remove dependencies with CVE issues from Ambari Server

Robert Levas created AMBARI-24415:
-------------------------------------

             Summary: Remove dependencies with CVE issues from Ambari Server
                 Key: AMBARI-24415
                 URL: https://issues.apache.org/jira/browse/AMBARI-24415
             Project: Ambari
          Issue Type: Task
          Components: ambari-server
    Affects Versions: 2.7.1
            Reporter: Robert Levas
            Assignee: Robert Levas
             Fix For: 2.7.1


Remove dependencies with CVE issues from Ambari Server

* org.springframework:spring-beans:jar before 4.3.17.RELEASE 
** CVE-2018-1270 - https://nvd.nist.gov/vuln/detail/CVE-2018-1270
** CVE-2018-1275 - https://nvd.nist.gov/vuln/detail/CVE-2018-1275
** CVE-2018-1199 - https://nvd.nist.gov/vuln/detail/CVE-2018-1199
** CVE-2018-1271 - https://nvd.nist.gov/vuln/detail/CVE-2018-1271
** CVE-2018-1257 - https://nvd.nist.gov/vuln/detail/CVE-2018-1257
{noformat}
[INFO] org.apache.ambari:ambari-server:jar:2.7.0.0.0
[INFO] \- org.springframework.security:spring-security-core:jar:4.2.4.RELEASE:compile
[INFO]    \- org.springframework:spring-beans:jar:4.3.12.RELEASE:compile
{noformat}

* com.google.guava:guava:jar before version 19.0-gwt28
** CVE-2018-10237 - https://nvd.nist.gov/vuln/detail/CVE-2018-10237
{noformat}
[INFO] org.apache.ambari:ambari-server:jar:2.7.0.0.0
[INFO] \- com.google.guava:guava:jar:18.0:compile
{noformat}

* org.kohsuke:libpam4j:jar before version 1.9
** CVE-2017-12197 - https://nvd.nist.gov/vuln/detail/CVE-2017-12197
{noformat}
[INFO] org.apache.ambari:ambari-server:jar:2.7.0.0.0
[INFO] \- org.kohsuke:libpam4j:jar:1.8:compile
{noformat}

* org.springframework:spring-context before version 4.3.17.RELEASE
** CVE-2018-1257 - https://nvd.nist.gov/vuln/detail/CVE-2018-1257
{noformat}
[INFO] org.apache.ambari:ambari-server:jar:2.7.0.0.0
[INFO] \- org.springframework:spring-context:jar:4.3.16.RELEASE:compile
{noformat}

* org.springframework.security:spring-security-ldap:jar before version 4.1.5.RELEASE 
** CVE-2018-1199 - https://nvd.nist.gov/vuln/detail/CVE-2018-1199
** CVE-2016-9879 - https://nvd.nist.gov/vuln/detail/CVE-2016-9879
{noformat}
[INFO] org.apache.ambari:ambari-server:jar:2.7.0.0.0
[INFO] \- org.springframework.security:spring-security-ldap:jar:4.1.1.RELEASE:compile
{noformat}

* com.jcraft:jsch:jar before version 1.54 
** CVE-2016-5725 - https://nvd.nist.gov/vuln/detail/CVE-2016-5725
{noformat}
[INFO] org.apache.ambari:ambari-server:jar:2.7.0.0.0
[INFO] \- com.jcraft:jsch:jar:0.1.45:compile
{noformat}




--
This message was sent by Atlassian JIRA
(v7.6.3#76005)