Task
Resolution: Done
Medium
None
None
Please provide supplementary information or consider update for the following vulnerabilities:
Critical vulnerabilities:
- c3p0 : 0.9.5.2 – recommended upgrade to 0.9.5.3
- tomcat-embed-core : 8.5.28 - have you considered configuring the filter appropriately for your environment?
- angular-sanitize 1.5.0 – in further versions by default, the svgEnabled is set to false, so upgrade should be considered to 1.5+.
- org.webjars.bower angular 1.5.0
- elasticsearch : 2.2.0 – upgrade of Elasticsearch Alerting and Monitoring to versions after 6.4.1 or 5.6.12
- postgresql : 9.1-901-1.jdbc4 – to consider either upgrade or ed by switch the SSL factory back to the default LibPQFactory.
- jetty-util : 9.2.14.v20151106
- moment 2.1.0 – if you could please look at this link https://www.npmjs.com/advisories/55/versions, you could discover that upgrade to at least 2.11.2+ is a solution.
- angular-ui-grid 3.0.7
- dom4j : 1.6.1
Severe vulnerabilities:
- wicket-util : 1.5.16
- jquery 2.2.4 and 1.4.2
- org.webjars bootstrap 3.3.7 – I think that you should consider an upgrade to at least 4.1.2 version or later
- esapi : 2.1.0.1
- angularjs 1.4.8
- For netty handler please click on the link under the issue description (digit 295) for more details and you get redirection to the following page: https://cwe.mitre.org/data/definitions/295.html
- zookeeper : 3.4.11
- antisamy : 1.4.3
- commons-fileupload : 1.3.3