[AMBARI-25571] Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.7.4, 2.7.5
Fix Version/s: 2.7.6
Component/s: ambari-server
Labels:
None

Description

CVE-2020-5398 & CVE-2020-5421 are found in the listed versions.

Ambari 2.7.4/2.7.5 contains Spring 5.1.8 => should be upgraded to 5.1.18 at least.

Attachments

Issue Links

links to

Activity

People

Assignee:: Dmitry Lysnichenko

Reporter:: Dmitry Lysnichenko

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 13/Oct/20 18:34

Updated:: 21/Oct/20 15:53

Resolved:: 21/Oct/20 15:53

Time Tracking

Estimated:

Not Specified

Remaining:

0h

Logged:

20m