List:       apache-announce
Subject:    [CVE-2016-4977] Apache Fineract remote code execution vulnerabilities fixed in v1.3.0
From:       "Vishwas Babu (Apache)" <vishwasbabu () apache ! org>
Date:       2019-10-16 6:25:57
Message-ID: CACqpLwJGBRp9cpyhVwxvc0SSrTbUoDxAr+YnywXjj=BRFhiyPw () mail ! gmail ! com

Hello,

The Apache Fineract project would like to hereby disclose that our 1.3.0
release includes a fix for CVE-2016-4977: A known vulnerability in spring
security upstream dependencies allowed malicious users to trigger remote code
execution. See https://nvd.nist.gov/vuln/detail/CVE-2016-4977 for details of
the upstream CVE.

We would like to thank Roberto (extranewbugs@gmail.com) for reporting
this issue and the Apache Security team for their assistance.

Additional details at
https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report.

Regards,
Vishwas
