You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@isis.apache.org by "XuCongying (Jira)" <ji...@apache.org> on 2020/03/01 12:18:00 UTC

[jira] [Created] (ISIS-2300) Some CVEs in dependencies are threatening your project!

XuCongying created ISIS-2300:
--------------------------------

             Summary: Some CVEs in dependencies are threatening your project!
                 Key: ISIS-2300
                 URL: https://issues.apache.org/jira/browse/ISIS-2300
             Project: Isis
          Issue Type: Dependency upgrade
            Reporter: XuCongying


Hi, I noticed that your project are using vulnerable libraries which are related to some CVEs. To prevent potential risk it may cause, I suggest a library update. Please look into the details below.

 Vulnerable Library Version: org.springframework : spring-web : 5.2.2.RELEASE
  CVE ID: [CVE-2020-5397](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5397), [CVE-2020-5398](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5398)
  Import Path: core/webapp/pom.xml, viewers/wicket/viewer/pom.xml
  Suggested Safe Versions: 5.2.3.RELEASE
 
Vulnerable Library Version: org.apache.commons : commons-email : 1.4
  CVE ID: [CVE-2018-1294](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1294), [CVE-2017-9801](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9801)
  Import Path: core/runtime/pom.xml
  Suggested Safe Versions: 1.5



--
This message was sent by Atlassian Jira
(v8.3.4#803005)