XuCongying created WICKET-6752:
----------------------------------

             Summary: Some dependencies contain CVEs
                 Key: WICKET-6752
                 URL: https://issues.apache.org/jira/browse/WICKET-6752
             Project: Wicket
          Issue Type: Bug
            Reporter: XuCongying


Your project is at risk due to the use of vulnerable dependencies. In order to 
avoid threats, I recommend updating to a safe version. Here is the detailed 
information:

 Vulnerable Library Version: org.apache.tomcat : tomcat-catalina : 8.5.33
  CVE ID: 
[CVE-2019-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0232), 
[CVE-2016-6794](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6794), 
[CVE-2018-11784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11784), 
[CVE-2016-6816](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6816), 
[CVE-2016-8745](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8745), 
[CVE-2016-8735](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8735), 
[CVE-2019-17563](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17563), 
[CVE-2019-0199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0199)
  Import Path: wicket-experimental/wicket-http2/wicket-http2-tomcat/pom.xml
  Suggested Safe Versions: 10.0.0-M1, 9.0.30, 9.0.31

 Vulnerable Library Version: org.hibernate.validator : hibernate-validator : 6.0.16.Final
  CVE ID: 
[CVE-2019-10219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10219)
  Import Path: wicket-examples/pom.xml, wicket-bean-validation/pom.xml
  Suggested Safe Versions: 6.0.18.Final, 6.1.0.Final, 6.1.1.Final, 6.1.2.Final

 Vulnerable Library Version: io.undertow : undertow-servlet : 2.0.16.Final
  CVE ID: 
[CVE-2019-10184](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10184)
  Import Path: wicket-experimental/wicket-http2/wicket-http2-undertow/pom.xml
  Suggested Safe Versions: 2.0.23.Final, 2.0.24.Final, 2.0.25.Final, 2.0.26.Final, 2.0.27.Final, 2.0.28.Final, 2.0.29.Final

 Vulnerable Library Version: org.springframework : spring-web : 5.2.0.RELEASE
  CVE ID: 
[CVE-2020-5397](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5397), 
[CVE-2020-5398](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5398)
  Import Path: wicket-examples/pom.xml, wicket-spring/pom.xml
  Suggested Safe Versions: 5.2.3.RELEASE

 Vulnerable Library Version: org.eclipse.jetty : jetty-server : 9.4.21.v20190926
  CVE ID: 
[CVE-2019-17632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17632)
  Import Path: testing/wicket-js-tests/pom.xml, wicket-examples/pom.xml, wicket-experimental/wicket-http2/wicket-http2-jetty/pom.xml, wicket-native-websocket/wicket-native-websocket-javax/pom.xml
  Suggested Safe Versions: 10.0.0-alpha0, 10.0.0.alpha1, 9.4.24.v20191120, 9.4.25.v20191220, 9.4.26.v20200117

 Vulnerable Library Version: commons-httpclient : commons-httpclient : 3.1
  CVE ID: 
[CVE-2014-3577](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3577), 
[CVE-2012-5783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5783), 
[CVE-2012-6153](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6153)
  Import Path: testing/wicket-threadtest/pom.xml
  Suggested Safe Versions: 3.0alpha2

 Vulnerable Library Version: com.fasterxml.jackson.core : jackson-databind : 2.9.10.1
  CVE ID: 
[CVE-2020-8840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8840), 
[CVE-2019-20330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20330)
  Import Path: wicket-extensions/pom.xml
  Suggested Safe Versions: 2.10.0, 2.10.1, 2.10.2, 2.9.10.3




--
This message was sent by Atlassian Jira
(v8.3.4#803005)
