You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@velocity.apache.org by "Sergiu Dumitriu (JIRA)" <de...@velocity.apache.org> on 2018/06/24 13:14:00 UTC
[jira] [Closed] (VELTOOLS-163) Apache Struts Vulnerabilities -
Velocity Tool (2.0)
[ https://issues.apache.org/jira/browse/VELTOOLS-163?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sergiu Dumitriu closed VELTOOLS-163.
------------------------------------
Resolution: Duplicate
Fix Version/s: (was: 3.0)
> Apache Struts Vulnerabilities - Velocity Tool (2.0)
> ---------------------------------------------------
>
> Key: VELTOOLS-163
> URL: https://issues.apache.org/jira/browse/VELTOOLS-163
> Project: Velocity Tools
> Issue Type: Bug
> Components: VelocityStruts
> Reporter: Pankaj Singh
> Assignee: Claude Brisson
> Priority: Critical
>
> Velocity Tools version 2.0 uses struts 1.3.8 which has associated vulnerabilities:
> Struts 1
> • CVE-2014-0114 – http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0114
> Strut 2
> • CVE-2014-0113 – http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113
> • CVE-2014-0112 - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0112
> • CVE-2014-0094 - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0094
> The desired remediation goal for all affected applications is to update the respective Apache Struts component to version 2.3.16.3.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@velocity.apache.org
For additional commands, e-mail: dev-help@velocity.apache.org