[#11491] - CVE-2016-1000338 - Bouncy Castle Crypto package

Posted by costa.christodoulou on January 9, 2019 - 6:47am
Category:
Bug report
 Priority:
High
 Status:
New
Project:
JasperReports® Server
 Severity:
Major
 Resolution:
Open
Component: Reproducibility:
Always
 Assigned to:
Subscribe

The following vulnrability has been detected by Snyk, any plans to update the version 1.60 of The Bouncy Castle Crypto package?

CVE-2016-1000338

Vulnerable module: org.bouncycastle:bcprov-jdk15on
Introduced through: net.sf.jasperreports:jasperreports@6.7.0

https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32340

v6.7.0
costa.christodoulou's picture
costa.christodoulou
32
Joined: Dec 5 2018 - 5:49am
Last seen: 4 years 2 months ago
Feedback