[#14461] - CVE-2022-22965 (CRITICAL) detected in Spring Core & Spring Beans (security vulnerability)

Category: Bug report
Priority: Immediate
Status: Closed
Project:
Severity: Critical
Resolution: Open
Component:
Reproducibility: Always
Assigned to:

Hi Team,

As checked, jasperreports-6.16.0 and jasperreports-6.19.0 have an optional dependency on "spring-core-5.3.14" and "spring-beans-5.3.14", which have the security vulnerability "CVE-2022-22965" as reported on "https://mvnrepository.com/". According to the "National Vulnerability Database" (NVD), the CVSS score is 9.8 and is rated as CRITICAL.

Please help us understand whether it is actually 9.8 from TIBCO's point of view, and whether you see any security risk in using it.

Refer:
https://mvnrepository.com/artifact/net.sf.jasperreports/jasperreports/6....
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965
https://nvd.nist.gov/vuln/detail/CVE-2022-22965

[Note: The same issue has been reported by me on GitHub as well. You can mark either one as a duplicate.]

Thanks,
Tushar

v6
JasperReports

1 Comment:

#1
  • Status: New » Closed