Uploaded image for project: 'Directory Kerberos'
  1. Directory Kerberos
  2. DIRKRB-757

CVE-2020-15250 vulnerability from the junit dependency in Kerby ASN1

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.0.1
    • 2.0.2
    • has-project
    • None
    • Important

    Description

      Kerby asn1 2.0.1 uses the junit 4.13 version which has a direct vulnerability of CVE-2020-15250.

      https://mvnrepository.com/artifact/org.apache.kerby/kerby-asn1/2.0.1

      The project has been already updated with the junit version 4.13.2 which doesn't have any detected vulnerabilities.

      https://github.com/apache/directory-kerby/blob/trunk/pom.xml#L56

       

      Can we expect a release with the updated junit version?

      Attachments

        Activity

          People

            Unassigned Unassigned
            thamindu95 Thamindu Jayawickrama
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - 24h
                24h
                Remaining:
                Remaining Estimate - 24h
                24h
                Logged:
                Time Spent - Not Specified
                Not Specified