Uploaded image for project: 'Velocity'
  1. Velocity
  2. VELOCITY-882

Critical vulnerability in commons collection

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.7.x, 2.0
    • Component/s: None
    • Labels:
      None

      Description

      Hi,
      Snyk reported to us that velocity 1.7 contains a dependency to commons-collection 3.2.1 which is vulnerable to arbitrary code execution.
      https://snyk.io/vuln/SNYK-JAVA-COMMONSCOLLECTIONS-30078
      This should be fixed since many lib depends on this library...

        Attachments

          Activity

            People

            • Assignee:
              mkienenb Mike Kienenberger
              Reporter:
              Sytten Emile Fugulin
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: