Sven-Jørgen Karlsen created AMQ-8984:
----------------------------------------
Summary: Fix or challenge CVE-2015-3208 reported by
ossindex.sonatype.org
Key: AMQ-8984
URL: https://issues.apache.org/jira/browse/AMQ-8984
Project: ActiveMQ
Issue Type: Bug
Components: Broker
Affects Versions: 5.16.5, 5.16.4, 5.16.3
Reporter: Sven-Jørgen Karlsen
I get CVE-2015-3208 reported against activemq-broker 5.16.3-5 when running
maven-enforcer-plugin with the banVulnerable rule. The vulnerability can also
be seen on ossindex.org:
[https://ossindex.sonatype.org/vulnerability/CVE-2015-3208?component-type=maven&component-name=org.apache.activemq%2Factivemq-broker&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1]
It looks rather dated, is it some kind of fault in Sonatype's database? I have
seen several odd occurrences of old vulnerabilities in ossindex.org the last
month or so, after the "breaking changes" being working on in the OSS Index
data.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
