[jira] [Updated] (GEODE-10415) CVEs detected in latest geode
[
https://issues.apache.org/jira/browse/GEODE-10415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mario Kevo updated GEODE-10415:
---
Component/s: build
> CVEs detected in latest geode
> -
>
> Key: GEODE-10415
> URL: https://issues.apache.org/jira/browse/GEODE-10415
> Project: Geode
> Issue Type: Bug
> Components: build
>Affects Versions: 1.15.0
>Reporter: Shruti
>Assignee: Mario Kevo
>Priority: Blocker
> Labels: pull-request-available
> Fix For: 1.15.1, 1.16.0
>
>
> We are detecting the following CVEs with geode
> High or critical vulnerabilities: 21
> The spring-core is likely Not Affected. But we would like to know about the
> rest of these listed CVEs. Any info is appreciated
> {{ }}
> {{NAME INSTALLED FIXED-IN TYPE
> VULNERABILITY SEVERITY}}
> {{jetty-security 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-server 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-servlet 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-util 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-util-ajax 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-webapp 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-xml 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jgroups 3.6.14.Final 4.0.0
> java-archive GHSA-rc7h-x6cq-988q Critical}}
> {{shiro-cache 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-config-core 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-config-ogdl 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-core 1.9.0 1.9.1
> java-archive GHSA-4cf5-xmhp-3xj7 Critical}}
> {{shiro-core 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-crypto-cipher 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-crypto-core 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-crypto-hash 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-event 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-lang 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{spring-core 5.3.20
> java-archive CVE-2016-127 Critical}}
> {{jetty-http 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-io 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (GEODE-10415) CVEs detected in latest geode
[
https://issues.apache.org/jira/browse/GEODE-10415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mario Kevo updated GEODE-10415:
---
Labels: pull-request-available (was: needsTriage pull-request-available)
> CVEs detected in latest geode
> -
>
> Key: GEODE-10415
> URL: https://issues.apache.org/jira/browse/GEODE-10415
> Project: Geode
> Issue Type: Bug
>Affects Versions: 1.15.0
>Reporter: Shruti
>Assignee: Mario Kevo
>Priority: Blocker
> Labels: pull-request-available
> Fix For: 1.15.1, 1.16.0
>
>
> We are detecting the following CVEs with geode
> High or critical vulnerabilities: 21
> The spring-core is likely Not Affected. But we would like to know about the
> rest of these listed CVEs. Any info is appreciated
> {{ }}
> {{NAME INSTALLED FIXED-IN TYPE
> VULNERABILITY SEVERITY}}
> {{jetty-security 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-server 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-servlet 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-util 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-util-ajax 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-webapp 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-xml 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jgroups 3.6.14.Final 4.0.0
> java-archive GHSA-rc7h-x6cq-988q Critical}}
> {{shiro-cache 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-config-core 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-config-ogdl 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-core 1.9.0 1.9.1
> java-archive GHSA-4cf5-xmhp-3xj7 Critical}}
> {{shiro-core 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-crypto-cipher 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-crypto-core 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-crypto-hash 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-event 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-lang 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{spring-core 5.3.20
> java-archive CVE-2016-127 Critical}}
> {{jetty-http 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-io 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (GEODE-10415) CVEs detected in latest geode
[
https://issues.apache.org/jira/browse/GEODE-10415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mario Kevo updated GEODE-10415:
---
Fix Version/s: 1.15.1
1.16.0
> CVEs detected in latest geode
> -
>
> Key: GEODE-10415
> URL: https://issues.apache.org/jira/browse/GEODE-10415
> Project: Geode
> Issue Type: Bug
>Affects Versions: 1.15.0
>Reporter: Shruti
>Assignee: Mario Kevo
>Priority: Blocker
> Labels: needsTriage, pull-request-available
> Fix For: 1.15.1, 1.16.0
>
>
> We are detecting the following CVEs with geode
> High or critical vulnerabilities: 21
> The spring-core is likely Not Affected. But we would like to know about the
> rest of these listed CVEs. Any info is appreciated
> {{ }}
> {{NAME INSTALLED FIXED-IN TYPE
> VULNERABILITY SEVERITY}}
> {{jetty-security 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-server 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-servlet 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-util 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-util-ajax 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-webapp 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-xml 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jgroups 3.6.14.Final 4.0.0
> java-archive GHSA-rc7h-x6cq-988q Critical}}
> {{shiro-cache 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-config-core 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-config-ogdl 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-core 1.9.0 1.9.1
> java-archive GHSA-4cf5-xmhp-3xj7 Critical}}
> {{shiro-core 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-crypto-cipher 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-crypto-core 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-crypto-hash 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-event 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-lang 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{spring-core 5.3.20
> java-archive CVE-2016-127 Critical}}
> {{jetty-http 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-io 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (GEODE-10415) CVEs detected in latest geode
[
https://issues.apache.org/jira/browse/GEODE-10415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
ASF GitHub Bot updated GEODE-10415:
---
Labels: needsTriage pull-request-available (was: needsTriage)
> CVEs detected in latest geode
> -
>
> Key: GEODE-10415
> URL: https://issues.apache.org/jira/browse/GEODE-10415
> Project: Geode
> Issue Type: Bug
>Affects Versions: 1.15.0
>Reporter: Shruti
>Assignee: Mario Kevo
>Priority: Blocker
> Labels: needsTriage, pull-request-available
>
> We are detecting the following CVEs with geode
> High or critical vulnerabilities: 21
> The spring-core is likely Not Affected. But we would like to know about the
> rest of these listed CVEs. Any info is appreciated
> {{ }}
> {{NAME INSTALLED FIXED-IN TYPE
> VULNERABILITY SEVERITY}}
> {{jetty-security 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-server 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-servlet 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-util 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-util-ajax 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-webapp 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-xml 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jgroups 3.6.14.Final 4.0.0
> java-archive GHSA-rc7h-x6cq-988q Critical}}
> {{shiro-cache 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-config-core 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-config-ogdl 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-core 1.9.0 1.9.1
> java-archive GHSA-4cf5-xmhp-3xj7 Critical}}
> {{shiro-core 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-crypto-cipher 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-crypto-core 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-crypto-hash 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-event 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-lang 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{spring-core 5.3.20
> java-archive CVE-2016-127 Critical}}
> {{jetty-http 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-io 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (GEODE-10415) CVEs detected in latest geode
[
https://issues.apache.org/jira/browse/GEODE-10415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Shruti updated GEODE-10415:
---
Description:
We are detecting the following CVEs with geode
High or critical vulnerabilities: 21
The spring-core is likely Not Affected. But we would like to know about the
rest of these listed CVEs. Any info is appreciated
{{ }}
{{NAME INSTALLED FIXED-IN TYPE
VULNERABILITY SEVERITY}}
{{jetty-security 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-server 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-servlet 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-util 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-util-ajax 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-webapp 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-xml 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jgroups 3.6.14.Final 4.0.0
java-archive GHSA-rc7h-x6cq-988q Critical}}
{{shiro-cache 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-config-core 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-config-ogdl 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-core 1.9.0 1.9.1
java-archive GHSA-4cf5-xmhp-3xj7 Critical}}
{{shiro-core 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-crypto-cipher 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-crypto-core 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-crypto-hash 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-event 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-lang 1.9.0
java-archive CVE-2022-32532 Critical}}
{{spring-core 5.3.20
java-archive CVE-2016-127 Critical}}
{{jetty-http 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-io 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
was:
We are detecting the following CVEs with geode
High or critical vulnerabilities: 21
The spring-core is likely Not Affected. But we would like to know about the
rest of these listed CVEs. Any info is appreciated
{{ }}
{}NAME INSTALLED FIXED-IN TYPE
VULNERABILITY SEVERITY{}}}
{{jetty-security 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-server 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-servlet 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-util 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-util-ajax 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-webapp 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-xml 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jgroups 3.6.14.Final 4.0.0
java-archive GHSA-rc7h-x6cq-988q Critical}}
{{shiro-cache 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-config-core 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-config-ogdl 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-core 1.9.0 1.9.1
java-archive GHSA-4cf5-xmhp-3xj7 Critical}}
{{shiro-core 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-crypto-cipher 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-crypto-core 1.9.0
[jira] [Updated] (GEODE-10415) CVEs detected in latest geode
[
https://issues.apache.org/jira/browse/GEODE-10415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Shruti updated GEODE-10415:
---
Priority: Blocker (was: Major)
> CVEs detected in latest geode
> -
>
> Key: GEODE-10415
> URL: https://issues.apache.org/jira/browse/GEODE-10415
> Project: Geode
> Issue Type: Bug
>Affects Versions: 1.15.0
>Reporter: Shruti
>Priority: Blocker
> Labels: needsTriage
>
> We are detecting the following CVEs with geode
> High or critical vulnerabilities: 21
> The spring-core is likely Not Affected. But we would like to know about the
> rest of these listed CVEs. Any info is appreciated
> {{ }}
> {}NAME INSTALLED FIXED-IN
> TYPE VULNERABILITY SEVERITY{}}}
> {{jetty-security 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-server 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-servlet 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-util 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-util-ajax 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-webapp 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jetty-xml 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{jgroups 3.6.14.Final 4.0.0
> java-archive GHSA-rc7h-x6cq-988q Critical}}
> {{shiro-cache 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-config-core 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-config-ogdl 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-core 1.9.0 1.9.1
> java-archive GHSA-4cf5-xmhp-3xj7 Critical}}
> {{shiro-core 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-crypto-cipher 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-crypto-core 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-crypto-hash 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-event 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{shiro-lang 1.9.0
> java-archive CVE-2022-32532 Critical}}
> {{spring-core 5.3.20
> java-archive CVE-2016-127 Critical}}
> {{jetty-http 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
> {{{}jetty-io 9.4.46.v20220331
> java-archive CVE-2022-2048 High{}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (GEODE-10415) CVEs detected in latest geode
[
https://issues.apache.org/jira/browse/GEODE-10415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Shruti updated GEODE-10415:
---
Description:
We are detecting the following CVEs with geode
High or critical vulnerabilities: 21
{{The spring-core is likely Not Affected. But we would like to know about the
rest of these listed CVEs. Any info is appreciated}}
{{ }}
NAME INSTALLED FIXED-IN TYPE
VULNERABILITY SEVERITY}}
{{jetty-security 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-server 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-servlet 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-util 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-util-ajax 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-webapp 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-xml 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jgroups 3.6.14.Final 4.0.0
java-archive GHSA-rc7h-x6cq-988q Critical}}
{{shiro-cache 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-config-core 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-config-ogdl 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-core 1.9.0 1.9.1
java-archive GHSA-4cf5-xmhp-3xj7 Critical}}
{{shiro-core 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-crypto-cipher 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-crypto-core 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-crypto-hash 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-event 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-lang 1.9.0
java-archive CVE-2022-32532 Critical}}
{{spring-core 5.3.20
java-archive CVE-2016-127 Critical}}
{{jetty-http 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-io 9.4.46.v20220331
java-archive CVE-2022-2048 High
was:
We are detecting the following CVEs with geode
High or critical vulnerabilities: 21
The spring-core is likely Not Affected. But we would like to know about the
rest of these listed CVEs. Any info is appreciated
{{NAME INSTALLED FIXED-IN TYPE
VULNERABILITY SEVERITY
jetty-security 9.4.46.v20220331
java-archive CVE-2022-2048 High
jetty-server 9.4.46.v20220331
java-archive CVE-2022-2048 High
jetty-servlet 9.4.46.v20220331
java-archive CVE-2022-2048 High
jetty-util 9.4.46.v20220331
java-archive CVE-2022-2048 High
jetty-util-ajax 9.4.46.v20220331
java-archive CVE-2022-2048 High
jetty-webapp 9.4.46.v20220331
java-archive CVE-2022-2048 High
jetty-xml 9.4.46.v20220331
java-archive CVE-2022-2048 High
jgroups 3.6.14.Final 4.0.0
java-archive GHSA-rc7h-x6cq-988q Critical
shiro-cache 1.9.0
java-archive CVE-2022-32532 Critical
shiro-config-core 1.9.0
java-archive CVE-2022-32532 Critical
shiro-config-ogdl 1.9.0
java-archive CVE-2022-32532 Critical
shiro-core 1.9.0 1.9.1
java-archive GHSA-4cf5-xmhp-3xj7 Critical
shiro-core 1.9.0
java-archive CVE-2022-32532 Critical
shiro-crypto-cipher 1.9.0
java-archive CVE-2022-32532 Critical
shiro-crypto-core 1.9.0
java-archive CVE-2022-32532 Critical
shiro-crypto-hash
[jira] [Updated] (GEODE-10415) CVEs detected in latest geode
[
https://issues.apache.org/jira/browse/GEODE-10415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Shruti updated GEODE-10415:
---
Description:
We are detecting the following CVEs with geode
High or critical vulnerabilities: 21
The spring-core is likely Not Affected. But we would like to know about the
rest of these listed CVEs. Any info is appreciated
{{ }}
{}NAME INSTALLED FIXED-IN TYPE
VULNERABILITY SEVERITY{}}}
{{jetty-security 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-server 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-servlet 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-util 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-util-ajax 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-webapp 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-xml 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jgroups 3.6.14.Final 4.0.0
java-archive GHSA-rc7h-x6cq-988q Critical}}
{{shiro-cache 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-config-core 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-config-ogdl 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-core 1.9.0 1.9.1
java-archive GHSA-4cf5-xmhp-3xj7 Critical}}
{{shiro-core 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-crypto-cipher 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-crypto-core 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-crypto-hash 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-event 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-lang 1.9.0
java-archive CVE-2022-32532 Critical}}
{{spring-core 5.3.20
java-archive CVE-2016-127 Critical}}
{{jetty-http 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{{}jetty-io 9.4.46.v20220331
java-archive CVE-2022-2048 High{}
was:
We are detecting the following CVEs with geode
High or critical vulnerabilities: 21
{{The spring-core is likely Not Affected. But we would like to know about the
rest of these listed CVEs. Any info is appreciated}}
{{ }}
NAME INSTALLED FIXED-IN TYPE
VULNERABILITY SEVERITY}}
{{jetty-security 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-server 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-servlet 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-util 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-util-ajax 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-webapp 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jetty-xml 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
{{jgroups 3.6.14.Final 4.0.0
java-archive GHSA-rc7h-x6cq-988q Critical}}
{{shiro-cache 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-config-core 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-config-ogdl 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-core 1.9.0 1.9.1
java-archive GHSA-4cf5-xmhp-3xj7 Critical}}
{{shiro-core 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-crypto-cipher 1.9.0
java-archive CVE-2022-32532 Critical}}
{{shiro-crypto-core 1.9.0
[jira] [Updated] (GEODE-10415) CVEs detected in latest geode
[
https://issues.apache.org/jira/browse/GEODE-10415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alexander Murmann updated GEODE-10415:
--
Labels: needsTriage (was: )
> CVEs detected in latest geode
> -
>
> Key: GEODE-10415
> URL: https://issues.apache.org/jira/browse/GEODE-10415
> Project: Geode
> Issue Type: Bug
>Affects Versions: 1.15.0
>Reporter: Shruti
>Priority: Major
> Labels: needsTriage
>
> We are detecting the following CVEs with geode
> High or critical vulnerabilities: 21
> The spring-core is likely Not Affected. But we would like to know about the
> rest of these listed CVEs. Any info is appreciated
>
> {{NAME INSTALLED FIXED-IN TYPE
> VULNERABILITY SEVERITY
> jetty-security 9.4.46.v20220331
> java-archive CVE-2022-2048 High
> jetty-server 9.4.46.v20220331
> java-archive CVE-2022-2048 High
> jetty-servlet 9.4.46.v20220331
> java-archive CVE-2022-2048 High
> jetty-util 9.4.46.v20220331
> java-archive CVE-2022-2048 High
> jetty-util-ajax 9.4.46.v20220331
> java-archive CVE-2022-2048 High
> jetty-webapp 9.4.46.v20220331
> java-archive CVE-2022-2048 High
> jetty-xml 9.4.46.v20220331
> java-archive CVE-2022-2048 High
> jgroups 3.6.14.Final 4.0.0
> java-archive GHSA-rc7h-x6cq-988q Critical
> shiro-cache 1.9.0
> java-archive CVE-2022-32532 Critical
> shiro-config-core 1.9.0
> java-archive CVE-2022-32532 Critical
> shiro-config-ogdl 1.9.0
> java-archive CVE-2022-32532 Critical
> shiro-core 1.9.0 1.9.1
> java-archive GHSA-4cf5-xmhp-3xj7 Critical
> shiro-core 1.9.0
> java-archive CVE-2022-32532 Critical
> shiro-crypto-cipher 1.9.0
> java-archive CVE-2022-32532 Critical
> shiro-crypto-core 1.9.0
> java-archive CVE-2022-32532 Critical
> shiro-crypto-hash 1.9.0
> java-archive CVE-2022-32532 Critical
> shiro-event 1.9.0
> java-archive CVE-2022-32532 Critical
> shiro-lang 1.9.0
> java-archive CVE-2022-32532 Critical
> spring-core 5.3.20
> java-archive CVE-2016-127 Critical
> jetty-http 9.4.46.v20220331
> java-archive CVE-2022-2048 High
> jetty-io 9.4.46.v20220331
> java-archive CVE-2022-2048 High}}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
