XuCongying created SYSTEMML-2536:
------------------------------------
Summary: Found CVEs in your dependencies
Key: SYSTEMML-2536
URL: https://issues.apache.org/jira/browse/SYSTEMML-2536
Project: SystemML
Issue Type: Dependency upgrade
Reporter: XuCongying
Hi, I have noticed that some library CVEs may be related to your projects. I
suggest a library update to avoid potential risks. See below for details:
Vulnerable Library Version: com.typesafe.akka : akka-http_2.11 : 10.1.3
CVE ID:
[CVE-2018-16131](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16131)
Import Path: pom.xml
Suggested Safe Versions: 10.1.10, 10.1.11, 10.1.5, 10.1.6, 10.1.7, 10.1.8,
10.1.9
Vulnerable Library Version: commons-collections : commons-collections : 3.2.1
CVE ID:
[CVE-2015-6420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6420)
Import Path: pom.xml
Suggested Safe Versions: 20030418.083655, 20031027.000000, 20040102.233541,
20040616, 3.2.2
Vulnerable Library Version: org.apache.hadoop : hadoop-common : 2.7.7
CVE ID:
[CVE-2018-8029](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029),
[CVE-2018-8009](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8009)
Import Path: pom.xml
Suggested Safe Versions: 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1
Vulnerable Library Version: org.apache.hadoop : hadoop-hdfs : 2.7.7
CVE ID:
[CVE-2018-11768](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11768)
Import Path: pom.xml
Suggested Safe Versions: 2.10.0, 2.8.5, 2.9.2, 3.1.2, 3.1.3, 3.2.0, 3.2.1
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
