[jira] [Created] (TILES-595) Usage of vulnerable version of ognl

Al Wi (JIRA) Tue, 23 Jan 2018 05:30:39 -0800

Al Wi created TILES-595:
---------------------------

             Summary: Usage of vulnerable version of ognl
                 Key: TILES-595
                 URL: https://issues.apache.org/jira/browse/TILES-595
             Project: Tiles
          Issue Type: Bug
          Components: tiles-ognl
    Affects Versions: 3.0.7
            Reporter: Al Wi



[OWASP dependency|https://www.owasp.org/index.php/OWASP_Dependency_Check] check 
states the usage of a vulnerable version of the ognl library.

[INFO] | | +- org.apache.tiles:tiles-ognl:jar:3.0.8:compile
[INFO] | | | \- ognl:ognl:jar:2.7.3:compile

According to the information given by the dependency check version 2.7.3 of 
ognl is vulnerable (CVE-2016-3093).



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Created] (TILES-595) Usage of vulnerable version of ognl

Reply via email to