Skip to content

Upgrade commons-beanutils to 1.9.4 #15

New issue
New issue
Open
Open
Upgrade commons-beanutils to 1.9.4#15
@rmkanda

Description

@rmkanda
rmkanda
opened on Jun 11, 2020

Upgrade commons-beanutils to 1.9.4

Vulnerability:

commons-beanutils-1.8.3.jar (pkg:maven/commons-beanutils/commons-beanutils@1.8.3, cpe:2.3:a:apache:commons_beanutils:1.8.3:*:*:*:*:*:*:*) : CVE-2014-0114, CVE-2019-10086

Refer: https://nvd.nist.gov/vuln/detail/CVE-2014-0114

Dependency Tree:

[INFO] |  +- org.springframework.data:spring-data-mongodb:jar:3.0.0.RELEASE:compile
[INFO] |  |  +- org.springframework:spring-tx:jar:5.2.6.RELEASE:compile
[INFO] |  |  +- org.springframework:spring-expression:jar:5.2.6.RELEASE:compile
[INFO] |  |  +- org.springframework.data:spring-data-commons:jar:2.3.0.RELEASE:compile
[INFO] |  |  \- org.mongodb:mongodb-driver-core:jar:4.0.3:compile
[INFO] |  \- org.mongeez:mongeez:jar:0.9.6:compile
[INFO] |     +- org.apache.commons:commons-digester3:jar:3.2:compile
[INFO] |     |  +- cglib:cglib:jar:2.2.2:compile
[INFO] |     |  |  \- asm:asm:jar:3.3.1:compile
[INFO] |     |  +- commons-beanutils:commons-beanutils:jar:1.8.3:compile
[INFO] |     |  \- commons-logging:commons-logging:jar:1.1.1:compile
[INFO] |     \- org.mongodb:mongo-java-driver:jar:3.0.1:compile

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions