[NIFI-5957] 74 high severity CVEs in nifi 1.8.0 - third party dependency libraries - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Invalid
Affects Version/s: 1.5.0, 1.6.0, 1.7.0, 1.8.0, 1.7.1
Fix Version/s: None
Component/s: Core Framework, Security
Labels:
- security
Environment:
Inserted OWASP Dependency Check plugin into nifi pom.xml & ran report

Description

There are 74 High severity CVEs in nifi 1.8.0 according to OWASP Dependency check.

There is a possibility of a few false positives with this report, /but/ there is the commons-collections:commons-collections:3.2.1 issue which there is proof-of-concept exploit code out for for three years. These dependencies need to be cleaned up.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Albert Baker

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 15/Jan/19 15:43

Updated:: 27/Apr/21 13:29

Resolved:: 27/Apr/21 13:29