[MNG-6872] Found CVEs in your dependencies - plexus-utils (tests) - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Dependency upgrade
Status: Closed
Priority: Minor
Resolution: Done
Affects Version/s: 3.6.3
Fix Version/s: 3.8.2, 4.0.0-alpha-2, 4.0.0
Component/s: None
Labels:
None

Description

I noticed some of your libraries contained CVEs. I suggest a library update to avoid potential risks. See below for more details:

Vulnerable Library Version: org.codehaus.plexus : plexus-utils : 1.5.5
CVE ID: [CVE-2017-1000487](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000487)
Import Path: maven-core/src/test/resources-project-builder/micromailer/pom.xml
Suggested Safe Versions: 3.0.16, 3.0.17, 3.0.18, 3.0.19, 3.0.20, 3.0.21, 3.0.22, 3.0.23, 3.0.24, 3.1.0, 3.1.1, 3.2.0, 3.2.1, 3.3.0

Attachments

Activity

People

Assignee:: Karl Heinz Marbaise

Reporter:: XuCongying

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 01/Mar/20 12:38

Updated:: 20/Oct/22 08:11

Resolved:: 09/Mar/20 17:27