[ https://issues.apache.org/jira/browse/WICKET-6752?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17054321#comment-17054321 ]

ASF subversion and git services commented on WICKET-6752:
---------------------------------------------------------

Commit 896b5b548a9f74894db84436907123fbf5e96070 in wicket's branch 
refs/heads/wicket-8.x from Martin Tzvetanov Grigorov
[ https://gitbox.apache.org/repos/asf?p=wicket.git;h=896b5b5 ]

WICKET-6752 Some dependencies contain CVEs

Update dependencies in the experimental modules

(cherry picked from commit 7eb84fcc578d8a1d8940f3b2446ee7702fca00b3)


> Some dependencies contain CVEs
> ------------------------------
>
>                 Key: WICKET-6752
>                 URL: https://issues.apache.org/jira/browse/WICKET-6752
>             Project: Wicket
>          Issue Type: Bug
>            Reporter: XuCongying
>            Priority: Major
>
> Your project is at risk due to the use of vulnerable dependencies. In order 
> to avoid threats, I recommend updating to a safe version. Here is the 
> detailed information:
>  Vulnerable Library Version: org.apache.tomcat : tomcat-catalina : 8.5.33
>   CVE ID:
>     [CVE-2019-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0232),
>     [CVE-2016-6794](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6794),
>     [CVE-2018-11784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11784),
>     [CVE-2016-6816](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6816),
>     [CVE-2016-8745](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8745),
>     [CVE-2016-8735](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8735),
>     [CVE-2019-17563](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17563),
>     [CVE-2019-0199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0199)
>   Import Path: wicket-experimental/wicket-http2/wicket-http2-tomcat/pom.xml
>   Suggested Safe Versions: 10.0.0-M1, 9.0.30, 9.0.31
>  Vulnerable Library Version: org.hibernate.validator : hibernate-validator : 6.0.16.Final
>   CVE ID:
>     [CVE-2019-10219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10219)
>   Import Path: wicket-examples/pom.xml, wicket-bean-validation/pom.xml
>   Suggested Safe Versions: 6.0.18.Final, 6.1.0.Final, 6.1.1.Final, 6.1.2.Final
>  Vulnerable Library Version: io.undertow : undertow-servlet : 2.0.16.Final
>   CVE ID:
>     [CVE-2019-10184](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10184)
>   Import Path: wicket-experimental/wicket-http2/wicket-http2-undertow/pom.xml
>   Suggested Safe Versions: 2.0.23.Final, 2.0.24.Final, 2.0.25.Final, 2.0.26.Final, 2.0.27.Final, 2.0.28.Final, 2.0.29.Final
>  Vulnerable Library Version: org.springframework : spring-web : 5.2.0.RELEASE
>   CVE ID:
>     [CVE-2020-5397](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5397),
>     [CVE-2020-5398](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5398)
>   Import Path: wicket-examples/pom.xml, wicket-spring/pom.xml
>   Suggested Safe Versions: 5.2.3.RELEASE
>  Vulnerable Library Version: org.eclipse.jetty : jetty-server : 9.4.21.v20190926
>   CVE ID:
>     [CVE-2019-17632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17632)
>   Import Path: testing/wicket-js-tests/pom.xml, wicket-examples/pom.xml, wicket-experimental/wicket-http2/wicket-http2-jetty/pom.xml, wicket-native-websocket/wicket-native-websocket-javax/pom.xml
>   Suggested Safe Versions: 10.0.0-alpha0, 10.0.0.alpha1, 9.4.24.v20191120, 9.4.25.v20191220, 9.4.26.v20200117
>  Vulnerable Library Version: commons-httpclient : commons-httpclient : 3.1
>   CVE ID:
>     [CVE-2014-3577](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3577),
>     [CVE-2012-5783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5783),
>     [CVE-2012-6153](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6153)
>   Import Path: testing/wicket-threadtest/pom.xml
>   Suggested Safe Versions: 3.0alpha2
>  Vulnerable Library Version: com.fasterxml.jackson.core : jackson-databind : 2.9.10.1
>   CVE ID:
>     [CVE-2020-8840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8840),
>     [CVE-2019-20330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20330)
>   Import Path: wicket-extensions/pom.xml
>   Suggested Safe Versions: 2.10.0, 2.10.1, 2.10.2, 2.9.10.3



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
