Uploaded image for project: 'Ambari'
  1. Ambari
  2. AMBARI-25571

Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.7.4, 2.7.5
    • 2.7.6
    • ambari-server
    • None

    Description

      CVE-2020-5398 & CVE-2020-5421 are found in the listed versions.

      Ambari 2.7.4/2.7.5 contains Spring 5.1.8 => should be upgraded to 5.1.18 at least.

      Attachments

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            dmitriusan Dmitry Lysnichenko
            dmitriusan Dmitry Lysnichenko
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 20m
                20m

                Slack

                  Issue deployment