[#14451] - Security Vulnerability in built-in dependencies

Category: Bug report
Priority: Urgent
Status: New
Project:
Severity: Critical
Resolution: Open
Component:
Reproducibility: Always
Assigned to:

Packaging spring-security-web-4.2.19.RELEASE.jar which has CVE
Found security vulnerability CVE-2022-22978 with severity >= 9 (severity = 9.8)
https://spring.io/blog/2022/05/15/cve-2022-22978-authorization-bypass-in...

Packaging esapi-2.1.0.1.jar which has CVE
Found security vulnerability CVE-2022-24891 with severity < 7 (severity = 6.1)

https://github.com/ESAPI/esapi-java-legacy/issues/614
https://github.com/ESAPI/esapi-java-legacy/pull/612

Packaging jackson-databind-2.11.4.jar which has CVE
Found security vulnerability CVE-2020-36518 with severity >= 7 (severity = 7.5)
https://github.com/FasterXML/jackson-databind/issues/2816

v8.0.1
msilvers's picture