  1. Maven Site Plugin
  2. MSITE-830

Dependency upgrades related to identified security reports


Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 3.8.2
    • None
    • None

    Description

      Fix problems reported by Snyk.io
       

      H  Arbitrary File Write via Archive Extraction (Zip Slip) in org.codehaus.plexus:plexus-archiver
      H  Arbitrary Code Execution in commons-beanutils:commons-beanutils
      H  Arbitrary Code Execution in commons-collections:commons-collections
      H  XML External Entity (XXE) Injection in dom4j:dom4j
      H  Denial of Service (DoS) in org.apache.pdfbox:fontbox
      H  Arbitrary Code Injection in org.apache.struts:struts-core
      H  Arbitrary Command Execution in org.mortbay.jetty:jetty
      M  Denial of Service (DoS) in org.apache.commons:commons-compress
      M  Directory Traversal in org.apache.commons:commons-compress
      M  Man-in-the-Middle (MitM) in org.apache.httpcomponents:httpclient
      M  Directory Traversal in org.apache.httpcomponents:httpclient
      M  Improper Input Validation in org.apache.httpcomponents:httpclient
      M  Information Exposure in org.apache.httpcomponents:httpclient
      M  Denial of Service (DoS) in org.apache.httpcomponents:httpclient
      M  Denial of Service (DoS) in org.apache.pdfbox:pdfbox
      L  Denial of Service (DoS) in org.apache.commons:commons-compress


            People

              slachiewicz Sylwester Lachiewicz
