Data Collection, Analytics, and Events / DCAEGEN2-1210

dcaegen2/collectors/datafile security vulnerabilities


The following vulnerabilities were identified in the CLM scan; upgrade to the recommended version (last column).

| Component | Dependency | Vulnerability | Recommendation |
| --- | --- | --- | --- |
| dcaegen2-collectors-datafile | org.springframework : spring-web : 5.1.0.RELEASE | The Spring Framework is vulnerable to Denial of Service (DoS). The toResourceRegions() and parseRanges() methods in the HttpRange class process range requests with a large number of extensive ranges which can overlap, causing additional resource consumption. | Upgrade to 5.1.2.RELEASE if impacted |
| dcaegen2-collectors-datafile | com.jcraft : jsch : 0.1.53 | Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command. | Upgrade to 0.1.54 if impacted |

elinuxhenrik
vv770d
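A client-side check for the JSch finding above, as an added example that is not code from JSch or from the datafile collector: it maps a file name supplied by an SFTP server into a local download directory and rejects names that would land outside it. It goes beyond the `..\` case in the ticket by also covering `../` and absolute names; the class, method, directory and sample names are hypothetical.

```java
import java.io.IOException;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Arrays;

// Added example: hypothetical helper, not code from JSch or the datafile collector.
public class SftpNameCheck {

    // Maps a server-supplied file name to a path under downloadDir, or throws
    // if the name could place the file outside that directory.
    static Path resolveUnderDownloadDir(Path downloadDir, String remoteName) throws IOException {
        // Treat '\' as a separator on every platform so "..\" and "../" are
        // handled identically, wherever the client runs.
        String name = remoteName.replace('\\', '/');
        // Strict policy: any ".." segment is refused, even one that stays inside.
        boolean hasDotDot = Arrays.asList(name.split("/")).contains("..");
        if (name.isEmpty() || name.indexOf('\0') >= 0 || hasDotDot) {
            throw new IOException("Rejected remote file name: " + remoteName);
        }
        try {
            Path base = downloadDir.toAbsolutePath().normalize();
            Path target = base.resolve(name).normalize();
            // Absolute names replace the base on resolve and fail this check.
            if (target.equals(base) || !target.startsWith(base)) {
                throw new IOException("Remote file name escapes download directory: " + remoteName);
            }
            return target;
        } catch (InvalidPathException e) {
            throw new IOException("Invalid remote file name: " + remoteName, e);
        }
    }

    public static void main(String[] args) {
        Path downloadDir = Paths.get("downloads"); // assumed local target directory
        // Constructed sample names, as a server might return them in a listing.
        String[] names = {"pm-report.xml", "sub/pm-report.xml", "..\\..\\outside.txt",
                          "sub/../../outside.txt", "/tmp/outside.txt"};
        for (String n : names) {
            try {
                System.out.println("accepted: " + resolveUnderDownloadDir(downloadDir, n));
            } catch (IOException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

A check like this complements the dependency upgrade recommended in the ticket; it does not replace it.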