Posted to issues@eagle.apache.org by "Grainier Perera (Jira)" <ji...@apache.org> on 2019/11/08 09:39:00 UTC
[jira] [Created] (EAGLE-1103) Bump vulnerable dependency versions
Grainier Perera created EAGLE-1103:
--------------------------------------
Summary: Bump vulnerable dependency versions
Key: EAGLE-1103
URL: https://issues.apache.org/jira/browse/EAGLE-1103
Project: Eagle
Issue Type: Sub-task
Affects Versions: v0.5.0
Reporter: Grainier Perera
Assignee: Grainier Perera
h3. com.puppycrawl.tools:checkstyle
* Vulnerabilities:
** CVE-2019-9658 (moderate severity)
* Fix: bump version 7.1 to 8.18
h3. org.apache.hive:hive-jdbc
* Vulnerabilities:
** CVE-2018-1314 (moderate severity)
** CVE-2018-1282 (high severity)
* Fix: bump version *1.2.1 to 3.1.2*
h3. org.apache.hive:hive-exec
* Vulnerabilities:
** CVE-2016-3083 (moderate severity)
** CVE-2018-11777 (moderate severity)
** CVE-2018-1284 (moderate severity)
** CVE-2015-7521 (high severity)
* Fix: bump version *1.2.1 to 3.1.2*
h3. org.apache.tomcat.embed:tomcat-embed-core
* Vulnerabilities:
** CVE-2018-8014 (high severity)
** CVE-2019-0232 (high severity)
** CVE-2019-0221 (moderate severity)
** CVE-2018-1336 (moderate severity)
** CVE-2018-1305 (moderate severity)
** CVE-2018-1304 (moderate severity)
** CVE-2018-11784 (moderate severity)
** CVE-2017-12615 (moderate severity)
** CVE-2018-8034 (low severity)
* Fix: bump version to *7.0.94 or later*
h3. org.apache.storm:storm-core
* Vulnerabilities:
** CVE-2018-1331 (high severity)
** CVE-2018-1332 (moderate severity)
** CVE-2018-8008 (moderate severity)
* Fix: bump version to *1.1.3 or later*
h3. com.fasterxml.jackson.core:jackson-databind
* Vulnerabilities:
** CVE-2019-14540 (critical severity)
** CVE-2019-16335 (critical severity)
** CVE-2019-14379 (critical severity)
** CVE-2018-11307 (critical severity)
** CVE-2019-14439 (high severity)
** CVE-2018-12022 (high severity)
** CVE-2017-17485 (high severity)
** CVE-2017-15095 (high severity)
** CVE-2018-7489 (high severity)
** CVE-2017-7525 (high severity)
** CVE-2019-16942 (moderate severity)
** CVE-2019-12814 (moderate severity)
** CVE-2019-12086 (moderate severity)
** CVE-2019-12384 (low severity)
* Fix: bump version to *2.10.0 or later*