You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Ragul (Jira)" <ji...@apache.org> on 2022/10/27 13:04:00 UTC
[jira] [Comment Edited] (CXF-8779) Vulnerabilities from dependencies - jackson-databind & commons-text
[ https://issues.apache.org/jira/browse/CXF-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17625102#comment-17625102 ]
Ragul edited comment on CXF-8779 at 10/27/22 1:03 PM:
------------------------------------------------------
Sry created in the wrong project
can we move to Avro space or close this and create a ticket in Avro
was (Author: ragul96):
Sry created in the wrong project
can we move to Avro space or close this and create a ticket in Avro
> Vulnerabilities from dependencies - jackson-databind & commons-text
> -------------------------------------------------------------------
>
> Key: CXF-8779
> URL: https://issues.apache.org/jira/browse/CXF-8779
> Project: CXF
> Issue Type: Bug
> Reporter: Ragul
> Priority: Critical
>
> Version 1.11.1 of avro-compiler contains the apache commons-text vulnerable library (1.9) &
> Jackson-databind (2.12.7)
>
> Vulnerabilities from dependencies:
> [CVE-2022-42889|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42889]
> [CVE-2022-42004|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004]
> [CVE-2022-42003|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003]
>
> Is there any plan to upgrade dependency and address this issue?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)