[
https://issues.apache.org/jira/browse/CONNECTORS-1715?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17552149#comment-17552149
]
Karl Wright commented on CONNECTORS-1715:
-----------------------------------------
[~pj.fanning], this is a blanket scan identifying jars with known CVEs. There
has been no analysis done whatsoever about whether the specific CVE attack is
even a possibility in the ManifoldCF environment. That's a lot of work but I
will wager after all of that the major problem is that the tool doesn't
understand the actual usage of ManifoldCF and is thus incapable of giving good
advice.
> Vulnerabilities in 45 jars in Apache Manifold CF 2.22.1 version
> ---------------------------------------------------------------
>
> Key: CONNECTORS-1715
> URL: https://issues.apache.org/jira/browse/CONNECTORS-1715
> Project: ManifoldCF
> Issue Type: Bug
> Affects Versions: ManifoldCF 2.22
> Reporter: Himanshu
> Assignee: Karl Wright
> Priority: Major
> Fix For: ManifoldCF 2.23
>
> Attachments: dependency-check-report-Apache Manifold.html
>
>
> 45 vulnerable jars are present in apache-manifoldcf version 2.22.1
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
