[ https://issues.apache.org/jira/browse/GEODE-10415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Shruti updated GEODE-10415: --------------------------- Description: We are detecting the following CVEs with geode 💥 High or critical vulnerabilities: 21 {{The spring-core is likely Not Affected. But we would like to know about the rest of these listed CVEs. Any info is appreciated}} {{ }} {{{{NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY}} {{jetty-security 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jetty-server 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jetty-servlet 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jetty-util 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jetty-util-ajax 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jetty-webapp 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jetty-xml 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jgroups 3.6.14.Final 4.0.0 java-archive GHSA-rc7h-x6cq-988q Critical}} {{shiro-cache 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-config-core 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-config-ogdl 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-core 1.9.0 1.9.1 java-archive GHSA-4cf5-xmhp-3xj7 Critical}} {{shiro-core 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-crypto-cipher 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-crypto-core 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-crypto-hash 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-event 1.9.0 java-archive CVE-2022-32532 Critical}} {{shiro-lang 1.9.0 java-archive CVE-2022-32532 Critical}} {{spring-core 5.3.20 java-archive CVE-2016-1000027 Critical}} {{jetty-http 9.4.46.v20220331 java-archive CVE-2022-2048 High}} {{jetty-io 9.4.46.v20220331 java-archive CVE-2022-2048 High}}}} was: We are detecting the following CVEs with geode 💥 High or critical vulnerabilities: 21 The spring-core is likely Not Affected. But we would like to know about the rest of these listed CVEs. Any info is appreciated {{NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY jetty-security 9.4.46.v20220331 java-archive CVE-2022-2048 High jetty-server 9.4.46.v20220331 java-archive CVE-2022-2048 High jetty-servlet 9.4.46.v20220331 java-archive CVE-2022-2048 High jetty-util 9.4.46.v20220331 java-archive CVE-2022-2048 High jetty-util-ajax 9.4.46.v20220331 java-archive CVE-2022-2048 High jetty-webapp 9.4.46.v20220331 java-archive CVE-2022-2048 High jetty-xml 9.4.46.v20220331 java-archive CVE-2022-2048 High jgroups 3.6.14.Final 4.0.0 java-archive GHSA-rc7h-x6cq-988q Critical shiro-cache 1.9.0 java-archive CVE-2022-32532 Critical shiro-config-core 1.9.0 java-archive CVE-2022-32532 Critical shiro-config-ogdl 1.9.0 java-archive CVE-2022-32532 Critical shiro-core 1.9.0 1.9.1 java-archive GHSA-4cf5-xmhp-3xj7 Critical shiro-core 1.9.0 java-archive CVE-2022-32532 Critical shiro-crypto-cipher 1.9.0 java-archive CVE-2022-32532 Critical shiro-crypto-core 1.9.0 java-archive CVE-2022-32532 Critical shiro-crypto-hash 1.9.0 java-archive CVE-2022-32532 Critical shiro-event 1.9.0 java-archive CVE-2022-32532 Critical shiro-lang 1.9.0 java-archive CVE-2022-32532 Critical spring-core 5.3.20 java-archive CVE-2016-1000027 Critical jetty-http 9.4.46.v20220331 java-archive CVE-2022-2048 High jetty-io 9.4.46.v20220331 java-archive CVE-2022-2048 High}} > CVEs detected in latest geode > ----------------------------- > > Key: GEODE-10415 > URL: https://issues.apache.org/jira/browse/GEODE-10415 > Project: Geode > Issue Type: Bug > Affects Versions: 1.15.0 > Reporter: Shruti > Priority: Major > Labels: needsTriage > > We are detecting the following CVEs with geode > 💥 High or critical vulnerabilities: 21 > {{The spring-core is likely Not Affected. But we would like to know about the > rest of these listed CVEs. Any info is appreciated}} > {{ }} > {{{{NAME INSTALLED FIXED-IN TYPE > VULNERABILITY SEVERITY}} > {{jetty-security 9.4.46.v20220331 > java-archive CVE-2022-2048 High}} > {{jetty-server 9.4.46.v20220331 > java-archive CVE-2022-2048 High}} > {{jetty-servlet 9.4.46.v20220331 > java-archive CVE-2022-2048 High}} > {{jetty-util 9.4.46.v20220331 > java-archive CVE-2022-2048 High}} > {{jetty-util-ajax 9.4.46.v20220331 > java-archive CVE-2022-2048 High}} > {{jetty-webapp 9.4.46.v20220331 > java-archive CVE-2022-2048 High}} > {{jetty-xml 9.4.46.v20220331 > java-archive CVE-2022-2048 High}} > {{jgroups 3.6.14.Final 4.0.0 > java-archive GHSA-rc7h-x6cq-988q Critical}} > {{shiro-cache 1.9.0 > java-archive CVE-2022-32532 Critical}} > {{shiro-config-core 1.9.0 > java-archive CVE-2022-32532 Critical}} > {{shiro-config-ogdl 1.9.0 > java-archive CVE-2022-32532 Critical}} > {{shiro-core 1.9.0 1.9.1 > java-archive GHSA-4cf5-xmhp-3xj7 Critical}} > {{shiro-core 1.9.0 > java-archive CVE-2022-32532 Critical}} > {{shiro-crypto-cipher 1.9.0 > java-archive CVE-2022-32532 Critical}} > {{shiro-crypto-core 1.9.0 > java-archive CVE-2022-32532 Critical}} > {{shiro-crypto-hash 1.9.0 > java-archive CVE-2022-32532 Critical}} > {{shiro-event 1.9.0 > java-archive CVE-2022-32532 Critical}} > {{shiro-lang 1.9.0 > java-archive CVE-2022-32532 Critical}} > {{spring-core 5.3.20 > java-archive CVE-2016-1000027 Critical}} > {{jetty-http 9.4.46.v20220331 > java-archive CVE-2022-2048 High}} > {{jetty-io 9.4.46.v20220331 > java-archive CVE-2022-2048 High}}}} -- This message was sent by Atlassian Jira (v8.20.10#820010)