Details
Task
Status: Closed
Major
Resolution: Fixed
3.8.4, 3.9.2
Description
CVE-2024-47554 is fixed in that version of the library. Could you please confirm whether ZooKeeper is affected by this vulnerability and, if so, are there any plans to update the dependency?
Java (jar)
==========
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)
┌───────────────────────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
├───────────────────────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────┤
│ commons-io:commons-io (commons-io-2.11.0.jar) │ CVE-2024-47554 │ HIGH │ fixed │ 2.11.0 │ 2.14.0 │ apache-commons-io: Possible denial of service attack on │
│ │ │ │ │ │ │ untrusted input to XmlStreamReader │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-47554 │
└───────────────────────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────┘
Steps to reproduce
trivy image zookeeper:3.9
Issue resolved by pull request 2197
https://github.com/apache/zookeeper/pull/2197