[SONARSWIFT-451] Update dependencies on Apache commons-io and commons-collections - SonarSource

XML

Word

Printable

Details

Type: Task
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 4.3
Component/s: None
Labels:
None

Description

Software Composition Analysis reports finds that some of the dependencies used by the analyzer are vulnerable. Even we we don't use the features which are vulnerable, we should update those dependencies.

The potential vulnerabilities are:

Remote code execution in commons-collections 3.2.1 (CVE-2015-6420 and CVE-2017-15708)
File path traversal in commons-io 2.6 (https://issues.apache.org/jira/browse/IO-559)

Attachments

Activity

People

Assignee:: Elena Vilchik

Reporter:: Elena Vilchik

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 22/Jun/20 1:58 PM

Updated:: 29/Mar/21 5:28 PM

Resolved:: 26/Oct/20 11:46 AM