“Description
The component listed above contains a vulnerability which may allow analytic reports that contain scripting to perform arbitrary code execution.
Impact
The impact of this vulnerability includes the possibility of arbitrary code execution with the privileges of the operation system process that contains the affected component.”
“TIBCO JasperReports Library versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher”
https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5429
https://nvd.nist.gov/vuln/detail/CVE-2018-5429
I am having difficulty locating the recommended upgrade library for the 6.3.x series. (6.3.4)
https://mvnrepository.com/artifact/net.sf.jasperreports/jasperreports
Anyone know where to locate releases of jasper reports library that are not in maven central?