'[jira] [Created] (AXIS2-6067) CVE with dependency jars of axis2'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       sandesha-dev
Subject:    [jira] [Created] (AXIS2-6067) CVE with dependency jars of axis2
From:       "Ajay (Jira)" <jira () apache ! org>
Date:       2024-05-01 9:51:00
Message-ID: JIRA.13577830.1714557000000.50442.1714557060013 () Atlassian ! JIRA
[Download RAW message or body]

Ajay created AXIS2-6067:
---------------------------

             Summary: CVE with dependency jars of axis2
                 Key: AXIS2-6067
                 URL: https://issues.apache.org/jira/browse/AXIS2-6067
             Project: Axis2
          Issue Type: Bug
          Components: codegen, json, kernel
    Affects Versions: 1.8.2
            Reporter: Ajay


Per sonatype Repository SBOM Report, the following CVEs affect packages in =
the current latest axis2 version 1.8.2 and should be patched ASAP:
=C2=A0
Issue - CVE-2022-40152 -=C2=A0
=C2=A0
Source=C2=A0
[INFO] org.apache.axis2:axis2-webapp:war:1.8.2
[INFO] +- org.apache.axis2:axis2-jibx:jar:1.8.2:compile
[INFO] |=C2=A0 +- org.apache.axis2:axis2-kernel:jar:1.8.2:compile
[INFO] |=C2=A0 |=C2=A0 +- org.apache.ws.commons.axiom:axiom-impl:jar:1.4.0:=
runtime
[INFO] |=C2=A0 |=C2=A0 |=C2=A0 \- com.fasterxml.woodstox:woodstox-core:jar:=
6.2.8:runtime
=C2=A0
=C2=A0
Issue - CVE-2023-3635
=C2=A0
Source=C2=A0
[INFO] | +- org.apache.axis2:axis2-json:jar:1.8.2:compile
[INFO] |=C2=A0 +- org.codehaus.jettison:jettison:jar:1.5.0:compile
[INFO] |=C2=A0 +- org.owasp.encoder:encoder:jar:1.2.3:compile
[INFO] |=C2=A0 +- com.google.code.gson:gson:jar:2.9.0:compile
[INFO] |=C2=A0 +- com.squareup.moshi:moshi:jar:1.13.0:compile
[INFO] |=C2=A0 |=C2=A0 +- com.squareup.okio:okio:jar:2.10.0:compile
=C2=A0
Issue - CVE-2023-2976
=C2=A0
Source=C2=A0
[INFO] +- org.apache.axis2:axis2-codegen:jar:1.8.2:compile
[INFO] |=C2=A0 +- com.google.googlejavaformat:google-java-format:jar:1.7:co=
mpile
[INFO] |=C2=A0 |=C2=A0 +- com.google.guava:guava:jar:31.1-jre:compile



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic