Uploaded image for project: 'camunda BPM'
  1. camunda BPM
  2. CAM-12821

Camunda 7.15.0-alpha1 uses MyBatis 3.5.3 with vulnerability

    XMLWordPrintable

Details

    • Bug Report
    • Resolution: Fixed
    • L2 - Critical
    • None
    • 7.15.0-alpha1, 7.15.0
    • camunda.org, engine
    • None

    Description

      When analyzing the violations through OWASP, it turned out that the latest version of Camunda uses the MyBatis version, which mishandles deserialization of object streams.

       

      Published Vulnerabilities:

      https://nvd.nist.gov/vuln/detail/CVE-2020-26945

      mgm-controller-panel

        This is the controller panel for Smart Panels app

        Attachments

          Activity

            People

              tobias.metzke Tobias Metzke-Bernstein
              jprzybyla Jakub Przybyła
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Salesforce