[ZOOKEEPER-4343] OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 3.8.0
Fix Version/s: 3.8.0
Component/s: server
Labels:
- pull-request-available

Description

[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '0,0': 
[ERROR] 
[ERROR] commons-io-2.6.jar: CVE-2021-29425
[ERROR] 
[ERROR] See the dependency-check report for more details.

The issue is fixed in release 2.7:

https://nvd.nist.gov/vuln/detail/CVE-2021-29425
https://issues.apache.org/jira/browse/IO-556
https://issues.apache.org/jira/browse/IO-559
https://commons.apache.org/proper/commons-io/changes-report.html#a2.7

Attachments

Issue Links

links to

GitHub Pull Request #1735

Activity

People

Assignee:: Damien Diederen

Reporter:: Damien Diederen

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 05/Aug/21 08:46

Updated:: 01/Sep/21 16:57

Resolved:: 01/Sep/21 16:56

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

2h 50m