Uploaded image for project: 'camunda BPM'
  1. camunda BPM
  2. CAM-12821

Camunda 7.15.0-alpha1 uses MyBatis 3.5.3 with vulnerability

XMLWordPrintable

    • Icon: Bug Report Bug Report
    • Resolution: Fixed
    • Icon: L2 - Critical L2 - Critical
    • None
    • 7.15.0-alpha1, 7.15.0
    • camunda.org, engine
    • None

      When analyzing the violations through OWASP, it turned out that the latest version of Camunda uses the MyBatis version, which mishandles deserialization of object streams.

       

      Published Vulnerabilities:

      https://nvd.nist.gov/vuln/detail/CVE-2020-26945

        This is the controller panel for Smart Panels app

              tobias.metzke Tobias Metzke-Bernstein
              jprzybyla Jakub Przybyła
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: