[jira] [Updated] (TILES-595) Usage of vulnerable ognl version (2.7.3, CVE-2016-3093)

Al Wi (JIRA) Tue, 23 Jan 2018 05:31:16 -0800

     [ 
https://issues.apache.org/jira/browse/TILES-595?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Al Wi updated TILES-595:
------------------------
    Summary: Usage of vulnerable ognl version (2.7.3, CVE-2016-3093)  (was: 
Usage of vulnerable version of ognl)

> Usage of vulnerable ognl version (2.7.3, CVE-2016-3093)
> -------------------------------------------------------
>
>                 Key: TILES-595
>                 URL: https://issues.apache.org/jira/browse/TILES-595
>             Project: Tiles
>          Issue Type: Bug
>          Components: tiles-ognl
>    Affects Versions: 3.0.7
>            Reporter: Al Wi
>            Priority: Major
>
> [OWASP dependency|https://www.owasp.org/index.php/OWASP_Dependency_Check] 
> check states the usage of a vulnerable version of the ognl library.
> [INFO] | | +- org.apache.tiles:tiles-ognl:jar:3.0.8:compile
> [INFO] | | | \- ognl:ognl:jar:2.7.3:compile
> According to the information given by the dependency check version 2.7.3 of 
> ognl is vulnerable (CVE-2016-3093).



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (TILES-595) Usage of vulnerable ognl version (2.7.3, CVE-2016-3093)

Reply via email to