Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-3262

Update dependencies flagged by OWASP report

    XMLWordPrintableJSON

    Details

      Description

      Currently OWASP plugin is reporting these vulnerabilities:

      CVE-2018-14719 CWE-502 Deserialization of Untrusted Data High(7.5) jackson-databind-2.9.5.jar
      CVE-2018-14720 CWE-611 Improper Restriction of XML External Entity Reference ('XXE') High(7.5) jackson-databind-2.9.5.jar
      CVE-2018-14721 CWE-918 Server-Side Request Forgery (SSRF) High(7.5) jackson-databind-2.9.5.jar
      CVE-2018-19360 CWE-502 Deserialization of Untrusted Data High(7.5) jackson-databind-2.9.5.jar
      CVE-2018-19361 CWE-502 Deserialization of Untrusted Data High(7.5) jackson-databind-2.9.5.jar
      CVE-2018-19362 CWE-502 Deserialization of Untrusted Data High(7.5) jackson-databind-2.9.5.jar
      CVE-2017-7657 CWE-190 Integer Overflow or Wraparound High(7.5) jetty-http-9.4.10.v20180503.jar   
      CVE-2017-7658 CWE-19 Data Processing Errors High(7.5) jetty-http-9.4.10.v20180503.jar   
      CVE-2018-1000873 CWE-20 Improper Input Validation Medium(5.0) jackson-databind-2.9.5.jar
      CVE-2017-7656 CWE-284 Improper Access Control Medium(5.0) jetty-http-9.4.10.v20180503.jar   
      CVE-2018-12536 CWE-200 Information Exposure Medium(5.0) jetty-http-9.4.10.v20180503.jar   
      CVE-2018-12056 CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Medium(5.0) netty-all-4.1.29.Final.jar

      We have to upgrade all of them or add suppressions

       

      in the Maven build we also have;

      pom.xml: CVE-2018-8012, CVE-2016-5017

        Attachments

          Activity

            People

            • Assignee:
              eolivelli Enrico Olivelli
              Reporter:
              eolivelli Enrico Olivelli
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 5.5h
                5.5h