Uploaded image for project: 'Velocity'
  1. Velocity
  2. VELOCITY-882

Critical vulnerability in commons collection

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 1.7.x, 2.0
    • None
    • None

    Description

      Hi,
      Snyk reported to us that velocity 1.7 contains a dependency to commons-collection 3.2.1 which is vulnerable to arbitrary code execution.
      https://snyk.io/vuln/SNYK-JAVA-COMMONSCOLLECTIONS-30078
      This should be fixed since many lib depends on this library...

      Attachments

        Activity

          People

            mkienenb Mike Kienenberger
            Sytten Emile Fugulin
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: