Uploaded image for project: 'Maven Site Plugin'
  1. Maven Site Plugin
  2. MSITE-830

Dependency upgrades related to identified security reports

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.8.2
    • Component/s: None
    • Labels:
      None

      Description

      Fix problems reported by Snyk.io
       

      H Arbitrary File Write via Archive Extraction (Zip Slip) in org.codehaus.plexus:plexus-archiver
      H  Arbitrary Code Execution in commons-beanutils:commons-beanutils
      H  Arbitrary Code Execution in commons-collections:commons-collections
      H  XML External Entity (XXE) Injection in dom4j:dom4j
      H  Denial of Service (DoS) in org.apache.pdfbox:fontbox
      H  Arbitrary Code Injection in org.apache.struts:struts-core
      H  Arbitrary Command Execution in org.mortbay.jetty:jetty
      M Denial of Service (DoS) in org.apache.commons:commons-compress
      M Directory Traversal in org.apache.commons:commons-compress
      M  Man-in-the-Middle (MitM) in org.apache.httpcomponents:httpclient
      M  Directory Traversal in org.apache.httpcomponents:httpclient
      M  Improper Input Validation in org.apache.httpcomponents:httpclient
      M  Information Exposure in org.apache.httpcomponents:httpclient
      M  Denial of Service (DoS) in org.apache.httpcomponents:httpclient
      M  Denial of Service (DoS) in org.apache.pdfbox:pdfbox
      L Denial of Service (DoS) in org.apache.commons:commons-compress

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                slachiewicz Sylwester Lachiewicz
                Reporter:
                slachiewicz Sylwester Lachiewicz
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: