Mario Jauvin created CONFIGURATION-830:
------------------------------------------
Summary: Critical vulnerability on commons-text 1.9. Please
upversion to 1.10.0
Key: CONFIGURATION-830
URL: https://issues.apache.org/jira/browse/CONFIGURATION-830
Project: Commons Configuration
Issue Type: Bug
Components: Build
Affects Versions: 2.8.0
Reporter: Mario Jauvin
Fix For: 2.9.0
commons-configuration2 version 2.8.0 has a dependency on commons-text:1.9 that
has a critical vulnerability: [CVE-2022-42889] CWE-94: Improper Control of
Generation of Code ('Code Injection'). See
[org.apache.commons:commons-text:1.9|https://ossindex.sonatype.org/component/pkg:maven/org.apache.commons/[email protected]]
for details.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
