6.3.4+ due to CVE-2024-38821

Radhika Kundam (Jira) Thu, 07 Nov 2024 15:36:17 -0800


     [ 
https://issues.apache.org/jira/browse/ATLAS-4915?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Radhika Kundam updated ATLAS-4915:
----------------------------------
    Fix Version/s: 3.0.0
                   2.4.0

> Upgrade Spring Security to 5.7.13/5.8.15/6.2.7/6.3.4+ due to CVE-2024-38821
> ---------------------------------------------------------------------------
>
>                 Key: ATLAS-4915
>                 URL: https://issues.apache.org/jira/browse/ATLAS-4915
>             Project: Atlas
>          Issue Type: Task
>          Components:  atlas-core
>            Reporter: Disha Talreja
>            Assignee: Disha Talreja
>            Priority: Major
>             Fix For: 3.0.0, 2.4.0
>
>         Attachments: ATLAS-4915.patch
>
>
> Upgrade Spring Security to 5.7.13/5.8.15/6.2.7/6.3.4+ due to CVE-2024-38821
> Affected versions of this package are vulnerable to Missing Authorization 
> allowing Spring Security authorization rules to be bypassed for static 
> resources.
> [https://nvd.nist.gov/vuln/detail/CVE-2024-38821] 
> [https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-8309135] 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (ATLAS-4915) Upgrade Spring Security to 5.7.13/5.8.15/6.2.7/6.3.4+ due to CVE-2024-38821

Reply via email to