Uploaded image for project: 'Data Collection, Analytics, and Events'
  1. Data Collection, Analytics, and Events
  2. DCAEGEN2-1456

onap-dcaegen2-services-son-handler - 2019-04-20

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Done
    • Icon: High High
    • Dublin Release
    • Dublin Release
    • None
    • None

      Switch to recommended non-vulnerable version (last column)

       

      onap-dcaegen2-services-son-handler  org.springframework.data : spring-data-jpa : 2.0.9.RELEASE The Spring spring-data-jpa package is vulnerable to Information Disclosure. The postProcess() method in the JpaRepositoryConfigExtension class, the build() method in the JpaQueryCreator$PredicateBuilder class, the create() method in the JpaQueryLookupStrategy() class, the next() method in the ParameterMetadataProvider class, the prepare() method in the ParameterMetadataProvider$ParameterMetadata class, the createCreator() method in the PartTreeJpaQuery$QueryPreparer class, the getQueryLookupStrategy() method in the JpaRepositoryFactory class, and the createRepositoryFactory() method in the JpaRepositoryBean class allow control characters in LIKE expressions.
       
             		 Switch to 2.0.14.RELEASE
       
       

            krishnaa96 krishnaa96
            vv770d vv770d
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: