Details
-
Task
-
Status: Closed
-
Minor
-
Resolution: Fixed
-
2.8.1
Description
Please upgrade the vulnerabile third party libraies that are used with Apache ActiveMQ Artimis
Dependency CPE Highest Severity CVE Count CPE Confidence
---------------------------------|--------------------------------------------|------------------|-------------|----------------------
spring-core-5.0.1.RELEASE.jar cpe:/a:springsource:spring_framework:5.0.1 High 8 Highest
https://nvd.nist.gov/vuln/detail/CVE-2018-15756
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable.
Mitigation : Spring-core-5.0.1 is from Oct 2017, the latetst 5..1.7 is from May 2019
Attachments
Issue Links
- links to