You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@commons.apache.org by "Ramakrishnan (Jira)" <ji...@apache.org> on 2020/06/11 05:38:00 UTC

[jira] [Created] (DIGESTER-193) Upgrade commons-beanutils to 1.9.4

Ramakrishnan created DIGESTER-193:
-------------------------------------

             Summary: Upgrade commons-beanutils to 1.9.4
                 Key: DIGESTER-193
                 URL: https://issues.apache.org/jira/browse/DIGESTER-193
             Project: Commons Digester
          Issue Type: Bug
    Affects Versions: 3.2
            Reporter: Ramakrishnan


Upgrade commons-beanutils to 1.9.4

*Vulnerability:* 

commons-beanutils-1.8.3.jar (pkg:maven/commons-beanutils/commons-beanutils@1.8.3, cpe:2.3:a:apache:commons_beanutils:1.8.3:*:*:*:*:*:*:*) : CVE-2014-0114, CVE-2019-10086



Refer: https://nvd.nist.gov/vuln/detail/CVE-2014-0114

*Dependency Tree:*

[INFO] | +- org.apache.commons:commons-digester3:jar:3.2:compile
[INFO] | | +- cglib:cglib:jar:2.2.2:compile
[INFO] | | | \- asm:asm:jar:3.3.1:compile
[INFO] | | +- commons-beanutils:commons-beanutils:jar:1.8.3:compile
[INFO] | | \- commons-logging:commons-logging:jar:1.1.1:compile

 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)