Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Not A Problem
-
None
-
None
-
None
-
None
Description
There is a dependency on org.apache.directory.api:api-util:1.0.0, which is involved in CVE-2018-1337. The issue is fixed in api-util:1.0.2<=
This is a transitive dependency through the apacheds libs.
Can be fixed by upgrading to at least version 2.0.0.AM25
Since api-all is also a dependency, and there is a class collision between api-all and newer version of api-util, it is better to just upgrade api-util to 1.0.2