You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@velocity.apache.org by "Sergiu Dumitriu (JIRA)" <de...@velocity.apache.org> on 2018/06/24 13:14:00 UTC

[jira] [Closed] (VELTOOLS-163) Apache Struts Vulnerabilities - Velocity Tool (2.0)

     [ https://issues.apache.org/jira/browse/VELTOOLS-163?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sergiu Dumitriu closed VELTOOLS-163.
------------------------------------
       Resolution: Duplicate
    Fix Version/s:     (was: 3.0)

> Apache Struts Vulnerabilities - Velocity Tool (2.0)
> ---------------------------------------------------
>
>                 Key: VELTOOLS-163
>                 URL: https://issues.apache.org/jira/browse/VELTOOLS-163
>             Project: Velocity Tools
>          Issue Type: Bug
>          Components: VelocityStruts
>            Reporter: Pankaj Singh
>            Assignee: Claude Brisson
>            Priority: Critical
>
> Velocity Tools version 2.0 uses struts 1.3.8 which has associated vulnerabilities:
> Struts 1
> •	CVE-2014-0114 – http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0114
> Strut 2
> •	CVE-2014-0113 – http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113
> •	CVE-2014-0112 - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0112
> •	CVE-2014-0094 - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0094
> The desired remediation goal for all affected applications is to update the respective Apache Struts component to version 2.3.16.3. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@velocity.apache.org
For additional commands, e-mail: dev-help@velocity.apache.org