[
https://issues.apache.org/jira/browse/KYLIN-5408?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
longfeiJiang updated KYLIN-5408:
--------------------------------
Description:
Directory Traversal in org.apache.ivy:ivy | CVE-2022-37866 |
Snyk|https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEIVY-3106929
Directory Traversal in org.apache.ivy:ivy | CVE-2022-37865 |
Snyk|https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEIVY-3106014
h2. How to fix?
Upgrade {{org.apache.ivy:ivy}} to version 2.5.1 or higher.
was:
[!https://snyk.io/favicon.png!Directory Traversal in org.apache.ivy:ivy |
CVE-2022-37866 |
Snyk|https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEIVY-3106929]
[!https://snyk.io/favicon.png!Directory Traversal in org.apache.ivy:ivy |
CVE-2022-37865 |
Snyk|https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEIVY-3106014]
h2. How to fix?
Upgrade {{org.apache.ivy:ivy}} to version 2.5.1 or higher.
> Fix new critical-risk vulnerability CVE-2022-37866 /
> SNYK-JAVA-ORGAPACHEIVY-3106014
> -----------------------------------------------------------------------------------
>
> Key: KYLIN-5408
> URL: https://issues.apache.org/jira/browse/KYLIN-5408
> Project: Kylin
> Issue Type: Bug
> Affects Versions: 5.0-alpha
> Reporter: longfeiJiang
> Priority: Major
> Fix For: 5.0-alpha
>
>
> Directory Traversal in org.apache.ivy:ivy | CVE-2022-37866 |
> Snyk|https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEIVY-3106929
> Directory Traversal in org.apache.ivy:ivy | CVE-2022-37865 |
> Snyk|https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEIVY-3106014
> h2. How to fix?
> Upgrade {{org.apache.ivy:ivy}} to version 2.5.1 or higher.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
