Camunda 7.15.0-alpha1 uses MyBatis 3.5.3 with vulnerability

XMLWordPrintable

    • Type: Bug Report
    • Resolution: Fixed
    • Priority: L2 - Critical
    • None
    • Affects Version/s: 7.15.0-alpha1, 7.15.0
    • Component/s: camunda.org, engine
    • None

      When analyzing the violations through OWASP, it turned out that the latest version of Camunda uses the MyBatis version, which mishandles deserialization of object streams.

       

      Published Vulnerabilities:

      https://nvd.nist.gov/vuln/detail/CVE-2020-26945

        This is the controller panel for Smart Panels app

              Assignee:
              Tobias Metzke-Bernstein
              Reporter:
              Jakub Przybyła
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: