- Bug Report
- Resolution: Fixed
- L3 - Default
- 7.6.0, 7.7.0-alpha2
- None
- None
camunda-engine-rest-core has a compile-time dependency on commons-fileupload, which has known security vulnerabilities:
https://nvd.nist.gov/vuln/detail/CVE-2016-3092
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1000031
+- org.camunda.bpm.webapp:camunda-webapp:jar:classes:7.6.0:compile
| | \- org.camunda.bpm:camunda-engine-rest-core:jar:7.6.0:compile
| | +- commons-fileupload:commons-fileupload:jar:1.2.2:compile
| | \- com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:jar:2.8.8:compile
| | \- com.fasterxml.jackson.module:jackson-module-jaxb-annotations:jar:2.8.8:compile
A solution would be to upgrade commons-fileupload to the newest version.
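
A check for this kind of finding, as an added example that is not part of the original report or of the Camunda code base: it walks `mvn dependency:tree` output, reports which modules pull in commons-fileupload, and lists which of the three cited CVEs the resolved version is still exposed to. The fixed-in versions are taken from the upstream Apache Commons FileUpload advisories, not from this report, and the sample tree is constructed from the excerpt above with Maven's usual indentation.

```python
import re

# Lowest commons-fileupload release fixing each CVE cited in the report
# (assumption: values from the upstream Apache advisories, not from the report).
FIXED_IN = {
    "CVE-2014-0050": (1, 3, 1),
    "CVE-2016-3092": (1, 3, 2),
    "CVE-2016-1000031": (1, 3, 3),
}
TARGET = "commons-fileupload:commons-fileupload"

# Constructed sample modelled on the dependency:tree excerpt in the report.
SAMPLE_TREE = r"""
+- org.camunda.bpm.webapp:camunda-webapp:jar:classes:7.6.0:compile
|  \- org.camunda.bpm:camunda-engine-rest-core:jar:7.6.0:compile
|     +- commons-fileupload:commons-fileupload:jar:1.2.2:compile
"""

def audit(tree_text):
    """Return one finding per vulnerable commons-fileupload node in the tree."""
    findings, stack = [], []          # stack holds (depth, artifactId) ancestors
    for raw in tree_text.splitlines():
        line = re.sub(r"^\[INFO\] ", "", raw)
        m = re.search(r"[A-Za-z0-9]", line)
        if not m:
            continue
        parts = line[m.start():].strip().split(":")
        if len(parts) < 4:
            continue                  # not a Maven coordinate
        depth = m.start() // 3        # Maven indents three columns per level
        while stack and stack[-1][0] >= depth:
            stack.pop()
        stack.append((depth, parts[1]))
        if ":".join(parts[:2]) != TARGET:
            continue
        # group:artifact:type[:classifier]:version:scope -> version is second to last
        version = parts[-2] if len(parts) >= 5 else parts[-1]
        nums = [int(n) for n in re.findall(r"\d+", version)[:3]]
        ver = tuple(nums + [0] * (3 - len(nums)))
        cves = sorted(c for c, fixed in FIXED_IN.items() if ver < fixed)
        if cves:
            findings.append({"version": version, "cves": cves,
                             "via": [name for _, name in stack[:-1]]})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_TREE):
        print(f"commons-fileupload {f['version']} via {' > '.join(f['via'])}: "
              f"{', '.join(f['cves'])}")
```

The `via` chain shows where an exclusion or a `dependencyManagement` override has to be applied when the upstream module cannot be upgraded immediately.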