Jump to content
  • Vulnerabilities in jasperreports-6.19.0

    CategoryBug report

    Hi Team,


    We are planning to migrate to latest version "jasperreports-6.19.0", but we observed below two vulnerabilities from dependencies:

    1) CVE-2022-24614

    2) CVE-2022-24613

    (Ref. https://mvnrepository.com/artifact/net.sf.jasperreports/jasperreports/6.19.0)


    These vulnerabilities are because of "metadata-extractor-2.16.0", same vulnerabilities are fixed under "metadata-extractor-2.17.0".

    (Ref. https://mvnrepository.com/artifact/com.drewnoakes/metadata-extractor)


    Do we have any plan at jaspersoft to use "metadata-extractor-2.17.0" instead of "2.16.0" to fix this vulnerabilities? Please provide us the CVSS score & severity of these vulnerabilities from JasperReport's points of view.


    Thanks, we are eagerly waiting for your response.



    Tushar Patil



    User Feedback

    Recommended Comments

    Changed Resolution from Open to Fixed

    Changed Status from New to Closed

    Changed Assigned User from - to @teodord

    Hi,Metadata extractor has been upgraded in the master branch and will be part of the next release soon.Note that this is an optional dependency and is needed only if you want to benefit from autoration of pictures taken with mobile devices that have EXIF orientation information in them.Thank you,Teodor
    Link to comment
    Share on other sites

    Changed Reproducibility from N/A to Always

    Changed Resolution from Fixed to Open

    Changed Status from Closed to New

    Changed Assigned User from @teodord to -

    Hi,How can I deactivate this dependency, in order to don't make the image rotate based on the EXIF orientation.
    Link to comment
    Share on other sites

  • Create New...