[GitHub] javabeanz opened a new issue #2882: security vulnerabilties in 3rd party components

Mon, 29 Oct 2018 06:17:15 -0700 

javabeanz opened a new issue #2882: security vulnerabilties in 3rd party 
components
URL: https://github.com/apache/pulsar/issues/2882
 
 
   mvn com.redhat.victims.maven:security-versions:check reveals many vulns, 
especially for jakscon and commons libs :
   [ERROR] jline:jline is vulnerable to CVE-2013-2035
   [ERROR] com.fasterxml.jackson.core:jackson-databind is vulnerable to 
CVE-2017-17485
   [ERROR] com.fasterxml.jackson.core:jackson-databind is vulnerable to 
CVE-2017-7525
   [ERROR] com.fasterxml.jackson.core:jackson-databind is vulnerable to 
CVE-2018-5968
   [ERROR] commons-collections:commons-collections is vulnerable to 
CVE-2015-7501
   [ERROR] commons-beanutils:commons-beanutils is vulnerable to CVE-2014-0114
   [INFO] Analyzing the dependencies for org.apache.pulsar.tests:tests-parent
   [ERROR] jline:jline is vulnerable to CVE-2013-2035
   [ERROR] com.fasterxml.jackson.core:jackson-databind is vulnerable to 
CVE-2017-17485
   [ERROR] com.fasterxml.jackson.core:jackson-databind is vulnerable to 
CVE-2017-7525
   [ERROR] com.fasterxml.jackson.core:jackson-databind is vulnerable to 
CVE-2018-5968
   [ERROR] commons-collections:commons-collections is vulnerable to 
CVE-2015-7501
   [ERROR] commons-beanutils:commons-beanutils is vulnerable to CVE-2014-0114
   [INFO] Analyzing the dependencies for org.apache.pulsar:pulsar
   [ERROR] jline:jline is vulnerable to CVE-2013-2035
   [ERROR] com.fasterxml.jackson.core:jackson-databind is vulnerable to 
CVE-2017-17485
   [ERROR] com.fasterxml.jackson.core:jackson-databind is vulnerable to 
CVE-2017-7525
   [ERROR] com.fasterxml.jackson.core:jackson-databind is vulnerable to 
CVE-2018-5968
   [ERROR] commons-collections:commons-collections is vulnerable to 
CVE-2015-7501
   [ERROR] commons-beanutils:commons-beanutils is vulnerable to CVE-2014-0114
   
   
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services

Reply via email to