Uploaded image for project: 'camunda BPM'
  1. camunda BPM
  2. CAM-7843

commons-fileupload has known security vulnerabilities

    XMLWordPrintable

Details

    • Bug Report
    • Resolution: Fixed
    • L3 - Default
    • 7.8.0, 7.8.0-alpha1
    • 7.6.0, 7.7.0-alpha2
    • None
    • None

    Description

      camunda-engine-rest-core has compile time dependency commons-fileupload that has known security vulnerabilities:

      https://nvd.nist.gov/vuln/detail/CVE-2016-3092
      http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050
      http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1000031

      +- org.camunda.bpm.webapp:camunda-webapp:jar:classes:7.6.0:compile
      |  |  \- org.camunda.bpm:camunda-engine-rest-core:jar:7.6.0:compile
      |  |     +- commons-fileupload:commons-fileupload:jar:1.2.2:compile
      |  |     \- com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:jar:2.8.8:compile
      |  |        \- com.fasterxml.jackson.module:jackson-module-jaxb-annotations:jar:2.8.8:compile
      

      solution would be to upgrade commons-fileupload to the newest version

      mgm-controller-panel

        This is the controller panel for Smart Panels app

        Attachments

          Activity

            People

              sebastian.menski Sebastian Menski
              pczekaj Piotr Czekaj
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Salesforce