Uploaded image for project: 'Data Collection, Analytics, and Events'
  1. Data Collection, Analytics, and Events
  2. DCAEGEN2-1456

onap-dcaegen2-services-son-handler - 2019-04-20

    XMLWordPrintable

Details

    • Task
    • Status: Closed
    • High
    • Resolution: Done
    • Dublin Release
    • Dublin Release
    • None
    • None

    Description

      Switch to recommended non-vulnerable version (last column)

       

      onap-dcaegen2-services-son-handler  org.springframework.data : spring-data-jpa : 2.0.9.RELEASE The Spring spring-data-jpa package is vulnerable to Information Disclosure. The postProcess() method in the JpaRepositoryConfigExtension class, the build() method in the JpaQueryCreator$PredicateBuilder class, the create() method in the JpaQueryLookupStrategy() class, the next() method in the ParameterMetadataProvider class, the prepare() method in the ParameterMetadataProvider$ParameterMetadata class, the createCreator() method in the PartTreeJpaQuery$QueryPreparer class, the getQueryLookupStrategy() method in the JpaRepositoryFactory class, and the createRepositoryFactory() method in the JpaRepositoryBean class allow control characters in LIKE expressions.
       
       
      Switch to 2.0.14.RELEASE
       
       

      Attachments

        Issue Links

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              krishnaa96 krishna moorthy
              vv770d Vijay Venkatesh Kumar
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: