[
https://issues.apache.org/jira/browse/SYSTEMML-2535?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
XuCongying closed SYSTEMML-2535.
--------------------------------
Fix Version/s: Not Applicable
Resolution: Duplicate
duplicate issue (2536)
> Found CVEs in your dependencies
> -------------------------------
>
> Key: SYSTEMML-2535
> URL: https://issues.apache.org/jira/browse/SYSTEMML-2535
> Project: SystemML
> Issue Type: Dependency upgrade
> Reporter: XuCongying
> Priority: Major
> Fix For: Not Applicable
>
>
> Hi, I have noticed that some library CVEs may be related to your projects. I
> suggest a library update to avoid potential risks. See below for details:
>
> Vulnerable Library Version: com.typesafe.akka : akka-http_2.11 : 10.1.3
> CVE ID:
> [CVE-2018-16131](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16131)
> Import Path: pom.xml
> Suggested Safe Versions: 10.1.10, 10.1.11, 10.1.5, 10.1.6, 10.1.7, 10.1.8,
> 10.1.9
> Vulnerable Library Version: commons-collections : commons-collections : 3.2.1
> CVE ID:
> [CVE-2015-6420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6420)
> Import Path: pom.xml
> Suggested Safe Versions: 20030418.083655, 20031027.000000, 20040102.233541,
> 20040616, 3.2.2
> Vulnerable Library Version: org.apache.hadoop : hadoop-common : 2.7.7
> CVE ID:
> [CVE-2018-8029](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029),
> [CVE-2018-8009](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8009)
> Import Path: pom.xml
> Suggested Safe Versions: 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1
> Vulnerable Library Version: org.apache.hadoop : hadoop-hdfs : 2.7.7
> CVE ID:
> [CVE-2018-11768](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11768)
> Import Path: pom.xml
> Suggested Safe Versions: 2.10.0, 2.8.5, 2.9.2, 3.1.2, 3.1.3, 3.2.0, 3.2.1
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
