Details
-
Dependency upgrade
-
Status: Closed
-
Major
-
Resolution: Duplicate
-
None
-
None
-
None
Description
Hi, I have noticed that some library CVEs may be related to your projects. I suggest a library update to avoid potential risks. See below for details:
Vulnerable Library Version: com.typesafe.akka : akka-http_2.11 : 10.1.3
CVE ID: [CVE-2018-16131](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16131)
Import Path: pom.xml
Suggested Safe Versions: 10.1.10, 10.1.11, 10.1.5, 10.1.6, 10.1.7, 10.1.8, 10.1.9
Vulnerable Library Version: commons-collections : commons-collections : 3.2.1
CVE ID: [CVE-2015-6420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6420)
Import Path: pom.xml
Suggested Safe Versions: 20030418.083655, 20031027.000000, 20040102.233541, 20040616, 3.2.2
Vulnerable Library Version: org.apache.hadoop : hadoop-common : 2.7.7
CVE ID: [CVE-2018-8029](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029), [CVE-2018-8009](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8009)
Import Path: pom.xml
Suggested Safe Versions: 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1
Vulnerable Library Version: org.apache.hadoop : hadoop-hdfs : 2.7.7
CVE ID: [CVE-2018-11768](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11768)
Import Path: pom.xml
Suggested Safe Versions: 2.10.0, 2.8.5, 2.9.2, 3.1.2, 3.1.3, 3.2.0, 3.2.1