  • Vulnerabilities in jasperreports-6.19.0


    tuspatil
    Category: Bug report
    Priority: Urgent
    Reproducibility: Always
    Resolution: Open
    Severity: Critical
    Status: New

    Hi Team,

    We are planning to migrate to the latest version "jasperreports-6.19.0", but we observed the two vulnerabilities below from its dependencies:

    1) CVE-2022-24614

    2) CVE-2022-24613

    (Ref. https://mvnrepository.com/artifact/net.sf.jasperreports/jasperreports/6.19.0)

    These vulnerabilities are because of "metadata-extractor-2.16.0"; the same vulnerabilities are fixed in "metadata-extractor-2.17.0".

    (Ref. https://mvnrepository.com/artifact/com.drewnoakes/metadata-extractor)

    Do we have any plan at Jaspersoft to use "metadata-extractor-2.17.0" instead of "2.16.0" to fix these vulnerabilities? Please provide us the CVSS score & severity of these vulnerabilities from JasperReports' point of view.

    Thanks, we are eagerly waiting for your response.

    Regards,

    Tushar Patil
    Changed Resolution from Open to Fixed

    Changed Status from New to Closed

    Changed Assigned User from - to @teodord


    Hi,

    Metadata extractor has been upgraded in the master branch and will be part of the next release soon.

    Note that this is an optional dependency and is needed only if you want to benefit from autorotation of pictures taken with mobile devices that have EXIF orientation information in them.

    Thank you,
    Teodor

    Changed Reproducibility from N/A to Always

    Changed Resolution from Fixed to Open

    Changed Status from Closed to New

    Changed Assigned User from @teodord to -


    Hi, how can I deactivate this dependency, so that the image is not rotated based on the EXIF orientation?
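Because the thread describes metadata-extractor as an optional dependency, a build may or may not resolve it at all. The following is an added example (not code from this thread or from the JasperReports project) that scans `mvn dependency:tree` output for a metadata-extractor older than 2.17.0, the version the report names as fixed; the sample tree and the `com.example:reports-app` project are constructed for illustration.

```python
import re

ARTIFACT = "com.drewnoakes:metadata-extractor"
FIXED = (2, 17, 0)  # version the report names as carrying the fixes

# Constructed sample of `mvn dependency:tree` output (not taken from a real build).
SAMPLE_TREE = """\
[INFO] com.example:reports-app:jar:1.0.0
[INFO] +- net.sf.jasperreports:jasperreports:jar:6.19.0:compile
[INFO] \\- com.drewnoakes:metadata-extractor:jar:2.16.0:compile
"""


def parse_version(text):
    """Turn '2.16.0' into (2, 16, 0); missing parts count as 0."""
    nums = [int(n) for n in re.findall(r"\d+", text)][:3]
    return tuple(nums + [0] * (3 - len(nums)))


def find_vulnerable(tree_text):
    """Return (version, scope) for every resolved metadata-extractor older than FIXED."""
    hits = []
    for line in tree_text.splitlines():
        match = re.search(re.escape(ARTIFACT) + r":\S+", line)
        if not match:
            continue
        # Coordinates are group:artifact:type[:classifier]:version:scope
        parts = match.group(0).split(":")
        if len(parts) < 5:
            continue
        version, scope = parts[-2], parts[-1]
        if parse_version(version) < FIXED:
            hits.append((version, scope))
    return hits


if __name__ == "__main__":
    for version, scope in find_vulnerable(SAMPLE_TREE):
        print(f"{ARTIFACT} {version} ({scope}) is older than 2.17.0")
```

An empty result means the tree either does not contain metadata-extractor or already resolves 2.17.0 or later.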