Shruti created GEODE-10415:
------------------------------
Summary: CVEs detected in latest geode
Key: GEODE-10415
URL: https://issues.apache.org/jira/browse/GEODE-10415
Project: Geode
Issue Type: Bug
Affects Versions: 1.15.0
Reporter: Shruti
We are detecting the following CVEs with geode
💥 High or critical vulnerabilities: 21
The spring-core is likely Not Affected. But we would like to know about the
rest of these listed CVEs. Any info is appreciated
{{NAME INSTALLED FIXED-IN TYPE
VULNERABILITY SEVERITY
jetty-security 9.4.46.v20220331
java-archive CVE-2022-2048 High
jetty-server 9.4.46.v20220331
java-archive CVE-2022-2048 High
jetty-servlet 9.4.46.v20220331
java-archive CVE-2022-2048 High
jetty-util 9.4.46.v20220331
java-archive CVE-2022-2048 High
jetty-util-ajax 9.4.46.v20220331
java-archive CVE-2022-2048 High
jetty-webapp 9.4.46.v20220331
java-archive CVE-2022-2048 High
jetty-xml 9.4.46.v20220331
java-archive CVE-2022-2048 High
jgroups 3.6.14.Final 4.0.0
java-archive GHSA-rc7h-x6cq-988q Critical
shiro-cache 1.9.0
java-archive CVE-2022-32532 Critical
shiro-config-core 1.9.0
java-archive CVE-2022-32532 Critical
shiro-config-ogdl 1.9.0
java-archive CVE-2022-32532 Critical
shiro-core 1.9.0 1.9.1
java-archive GHSA-4cf5-xmhp-3xj7 Critical
shiro-core 1.9.0
java-archive CVE-2022-32532 Critical
shiro-crypto-cipher 1.9.0
java-archive CVE-2022-32532 Critical
shiro-crypto-core 1.9.0
java-archive CVE-2022-32532 Critical
shiro-crypto-hash 1.9.0
java-archive CVE-2022-32532 Critical
shiro-event 1.9.0
java-archive CVE-2022-32532 Critical
shiro-lang 1.9.0
java-archive CVE-2022-32532 Critical
spring-core 5.3.20
java-archive CVE-2016-1000027 Critical
jetty-http 9.4.46.v20220331
java-archive CVE-2022-2048 High
jetty-io 9.4.46.v20220331
java-archive CVE-2022-2048 High}}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
