Colm O hEigeartaigh created FELIX-6193:
------------------------------------------
Summary: Update maven-archiver + plexus-utils
Key: FELIX-6193
URL: https://issues.apache.org/jira/browse/FELIX-6193
Project: Felix
Issue Type: Improvement
Reporter: Colm O hEigeartaigh
Fix For: maven-bundle-plugin-4.2.2
We should update the versions of maven-archiver + plexus-utils in the
maven-bundle-plugin to remove the CVEs:
plexus-archiver-2.8.1.jar (pkg:maven/org.codehaus.plexus/plexus-archiver@2.8.1,
cpe:2.3:a:plexus-archiver_project:plexus-archiver:2.8.1:*:*:*:*:*:*:*) :
CVE-2018-1002200
plexus-utils-3.0.10.jar (pkg:maven/org.codehaus.plexus/plexus-utils@3.0.10,
cpe:2.3:a:plexus-utils_project:plexus-utils:3.0.10:*:*:*:*:*:*:*) :
CVE-2017-1000487, Directory traversal in org.codehaus.plexus.util.Expand,
Possible XML Injection