- Task
- Resolution: Done
- Medium
- DCAE R4 Sprint 4
The following vulnerabilities were identified in the CLM scan; the recommended upgrade version is given in the last column.

| Repository | Component | Vulnerability | Recommendation |
| --- | --- | --- | --- |
| dcaegen2-collectors-datafile | org.springframework : spring-web : 5.1.0.RELEASE | The Spring Framework is vulnerable to Denial of Service (DoS). The toResourceRegions() and parseRanges() methods in the HttpRange class process range requests with a large number of extensive ranges, which can overlap, causing additional resource consumption. | Upgrade to 5.1.2.RELEASE if impacted |
| dcaegen2-collectors-datafile | com.jcraft : jsch : 0.1.53 | Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a `..\` (dot dot backslash) in a response to a recursive GET command. | Upgrade to 0.1.54 if impacted |