Jota Martos created ZOOKEEPER-4868:
--------------------------------------

Summary: Bump commons-io library to 2.14.0
Key: ZOOKEEPER-4868
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4868
Project: ZooKeeper
Issue Type: Task
Components: server
Affects Versions: 3.9.2, 3.8.4
Reporter: Jota Martos
CVE-2024-47554 is fixed in that version of the library.

{code}
Java (jar)
==========
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)

┌───────────────────────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────┐
│ Library                                       │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │ Title                                                   │
├───────────────────────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────┤
│ commons-io:commons-io (commons-io-2.11.0.jar) │ CVE-2024-47554 │ HIGH     │ fixed  │ 2.11.0            │ 2.14.0        │ apache-commons-io: Possible denial of service attack on │
│                                               │                │          │        │                   │               │ untrusted input to XmlStreamReader                      │
│                                               │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-47554              │
└───────────────────────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────┘
{code}

h4. Steps to reproduce

{code}
trivy image zookeeper:3.9
{code}

--
This message was sent by Atlassian Jira
(v8.20.10#820010)