Hi Oleg,
it seems these issues are not related to BlazeDS ... the
flex-messaging-opt-tomcat7-4.7.2.jar for example contains only one class.
The CVEs reported by that tool seem to all be related to tomcat. We can’t do
much about that. Also as far as I know there aren’t any CVEs in any of the
Actually, with BlazeDS 4.01blazeds-core-4.0.0.14931.jar
there was only 1 vulnerable file and 1 High and 1 medium vulnerability.
CVE-2011-2092
Severity: High
CVSS Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-20 Improper Input Validation
Adobe LiveCycle Data Services 3.1
As a user I would expect something like:
and force users to understand and provide this pattern explicitly in
production deployment
On Mon, Nov 21, 2016 at 10:50 AM, olegkon wrote:
> Hi,
>
> We are in the process of upgrading BlazeDS in Flex+Java web
Hi,
We are in the process of upgrading BlazeDS in Flex+Java web app,
because when we run OWASP Dependency Check 1.4.3, it showed High
Vulnerabilities in 1 file:
Dependency | CPE | GAV | Highest Severity | CVE Count | CPE Confidence | Evidence Count
cre.war: blazeds-core-4.0.0.14931.jar