[CAMEL-13169] c3p0 dependent version (0.9.5.2) has a security vulnerability (CVE-2018-20433) - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.23.1
Fix Version/s: 2.23.2, 2.24.0, 2.22.4, 3.0.0
Component/s: camel-quartz2
Labels:
None

Estimated Complexity:
Unknown

Description

camel-quartz2 latest version (2.23.1) has a dependency on c3p0 version 0.9.5.2 and that version has a security vulnerability (CVE-2018-20433)
source: https://nvd.nist.gov/vuln/detail/CVE-2018-20433

The issue seems to be resolved by updating the dependency of c3p0 to 0.9.5.3. Please, update the camel-quartz2 to use newest version of c3p0 (0.9.5.3 at the time of writing this).

Attachments

Activity

People

Assignee:: Andrea Cosentino

Reporter:: Abraham Ciokler

Votes:: 2 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 07/Feb/19 16:09

Updated:: 08/Feb/19 14:32

Resolved:: 08/Feb/19 14:32