[ https://issues.apache.org/jira/browse/ZOOKEEPER-4343?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Damien Diederen resolved ZOOKEEPER-4343.
----------------------------------------
Fix Version/s: 3.8.0
Resolution: Fixed
Issue resolved by pull request 1735
[https://github.com/apache/zookeeper/pull/1735]
> OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6
> ----------------------------------------------------------------
>
> Key: ZOOKEEPER-4343
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4343
> Project: ZooKeeper
> Issue Type: Bug
> Components: server
> Affects Versions: 3.8.0
> Reporter: Damien Diederen
> Assignee: Damien Diederen
> Priority: Major
> Labels: pull-request-available
> Fix For: 3.8.0
>
> Time Spent: 2h 40m
> Remaining Estimate: 0h
>
> {noformat}
> [ERROR] One or more dependencies were identified with vulnerabilities that
> have a CVSS score greater than or equal to '0,0':
> [ERROR]
> [ERROR] commons-io-2.6.jar: CVE-2021-29425
> [ERROR]
> [ERROR] See the dependency-check report for more details.
> {noformat}
> The issue is fixed in release 2.7:
>
> - https://nvd.nist.gov/vuln/detail/CVE-2021-29425
> - https://issues.apache.org/jira/browse/IO-556
> - https://issues.apache.org/jira/browse/IO-559
> - https://commons.apache.org/proper/commons-io/changes-report.html#a2.7
--
This message was sent by Atlassian Jira
(v8.3.4#803005)