Posted to issues@karaf.apache.org by "Fabian Lange (JIRA)" <ji...@apache.org> on 2017/10/12 21:40:00 UTC
[jira] [Created] (KARAF-5423) Karaf is flagged as vulnerable to CVE-2015-5262
Fabian Lange created KARAF-5423:
-----------------------------------
Summary: Karaf is flagged as vulnerable to CVE-2015-5262
Key: KARAF-5423
URL: https://issues.apache.org/jira/browse/KARAF-5423
Project: Karaf
Issue Type: Bug
Affects Versions: 4.1.2
Reporter: Fabian Lange
Pax Url up to the current 2.5.2 includes Apache httpclient 4.3.5, which is flagged as vulnerable to CVE-2015-5262.
I already provided a patch upstream https://ops4j1.jira.com/projects/PAXURL/issues/PAXURL-345?filter=allopenissues
in https://github.com/ops4j/org.ops4j.pax.url/commit/6f938ab159c606c45ec293c116aad41b6cf62510
but it would require a pax-url release first followed by a dependency upgrade in karaf.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)