- Task
- Resolution: Done
- High
- Dublin Release
- None
- None
- DCAE R4 Sprint 8 (RC0)
Switch to recommended non-vulnerable version (last column)
onap-dcaegen2-services-son-handler | org.springframework.data : spring-data-jpa : 2.0.9.RELEASE | The Spring spring-data-jpa package is vulnerable to Information Disclosure. The postProcess() method in the JpaRepositoryConfigExtension class, the build() method in the JpaQueryCreator$PredicateBuilder class, the create() method in the JpaQueryLookupStrategy class, the next() method in the ParameterMetadataProvider class, the prepare() method in the ParameterMetadataProvider$ParameterMetadata class, the createCreator() method in the PartTreeJpaQuery$QueryPreparer class, the getQueryLookupStrategy() method in the JpaRepositoryFactory class, and the createRepositoryFactory() method in the JpaRepositoryBean class allow control characters in LIKE expressions. | Switch to 2.0.14.RELEASE |
- relates to
- DCAEGEN2-1275 dcaegen2/services/son-handler security vulnerabilities
- Closed