Vishal Ranjan created TIKA-3925:
-----------------------------------
Summary: Use of vulnerable quartz and c3p0 in
tika-parser-scientific-module
Key: TIKA-3925
URL: https://issues.apache.org/jira/browse/TIKA-3925
Project: Tika
Issue Type: Bug
Components: depedency
Affects Versions: 2.6.0
Reporter: Vishal Ranjan
There are followingHigh security vulnerabilities in
tika-parser-scientific-module:2.6.0:
quartz:2.2.0 has CVE-2019-13990
c3p0:0.9.1.1 has CVE-2018-20433
The suggested resolution is to upgrade these dependencies but
"tika-parser-scientific-module" latest version 2.6.0 still uses same version.
Because of this we are unable to do away with these vulnerabilities.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
