[ https://issues.apache.org/jira/browse/CONNECTORS-1715?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17552149#comment-17552149 ]
Karl Wright commented on CONNECTORS-1715: ----------------------------------------- [~pj.fanning], this is a blanket scan identifying jars with known CVEs. There has been no analysis done whatsoever about whether the specific CVE attack is even a possibility in the ManifoldCF environment. That's a lot of work but I will wager after all of that the major problem is that the tool doesn't understand the actual usage of ManifoldCF and is thus incapable of giving good advice. > Vulnerabilities in 45 jars in Apache Manifold CF 2.22.1 version > --------------------------------------------------------------- > > Key: CONNECTORS-1715 > URL: https://issues.apache.org/jira/browse/CONNECTORS-1715 > Project: ManifoldCF > Issue Type: Bug > Affects Versions: ManifoldCF 2.22 > Reporter: Himanshu > Assignee: Karl Wright > Priority: Major > Fix For: ManifoldCF 2.23 > > Attachments: dependency-check-report-Apache Manifold.html > > > 45 vulnerable jars are present in apache-manifoldcf version 2.22.1 -- This message was sent by Atlassian Jira (v8.20.7#820007)