Uploaded image for project: 'Data Collection, Analytics, and Events'
  1. Data Collection, Analytics, and Events
  2. DCAEGEN2-1456

onap-dcaegen2-services-son-handler - 2019-04-20


    • Icon: Task Task
    • Resolution: Done
    • Icon: High High
    • Dublin Release
    • Dublin Release
    • None
    • None

      Switch to recommended non-vulnerable version (last column)


      onap-dcaegen2-services-son-handler  org.springframework.data : spring-data-jpa : 2.0.9.RELEASE The Spring spring-data-jpa package is vulnerable to Information Disclosure. The postProcess() method in the JpaRepositoryConfigExtension class, the build() method in the JpaQueryCreator$PredicateBuilder class, the create() method in the JpaQueryLookupStrategy() class, the next() method in the ParameterMetadataProvider class, the prepare() method in the ParameterMetadataProvider$ParameterMetadata class, the createCreator() method in the PartTreeJpaQuery$QueryPreparer class, the getQueryLookupStrategy() method in the JpaRepositoryFactory class, and the createRepositoryFactory() method in the JpaRepositoryBean class allow control characters in LIKE expressions.
      Switch to 2.0.14.RELEASE

            krishnaa96 krishnaa96
            vv770d vv770d
            0 Vote for this issue
            1 Start watching this issue