Details
Dependency upgrade
Status: Closed
Major
Resolution: Fixed
Description
Hi, I noticed that your project is using vulnerable libraries that are related to some CVEs. To prevent the potential risk they may cause, I suggest a library update. Please look into the details below.
Vulnerable Library Version: org.springframework : spring-web : 5.2.2.RELEASE
CVE ID: [CVE-2020-5397](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5397), [CVE-2020-5398](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5398)
Import Path: core/webapp/pom.xml, viewers/wicket/viewer/pom.xml
Suggested Safe Versions: 5.2.3.RELEASE
Vulnerable Library Version: org.apache.commons : commons-email : 1.4
CVE ID: [CVE-2018-1294](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1294), [CVE-2017-9801](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9801)
Import Path: core/runtime/pom.xml
Suggested Safe Versions: 1.5