Uploaded image for project: 'Build'
  1. Build
  2. BUILD-1192

Dismiss false positive CVE about Matomo connector

    XMLWordPrintable

Details

    • Task
    • Resolution: Done
    • Neutral
    • None
    • None
    • None
    • Yes

    Description

      One or more dependencies were identified with known vulnerabilities in magnolia-addon-webapp:
      
      magnolia-analytics-matomo-connector-2.0-SNAPSHOT.jar (pkg:maven/info.magnolia.analytics/magnolia-analytics-matomo-connector@2.0-20231205.004911-331, pkg:maven/info.magnolia.analytics/magnolia-analytics-matomo-connector@2.0-SNAPSHOT, cpe:2.3:a:matomo:matomo:2.0:snapshot:*:*:*:*:*:*) : CVE-2015-7815, CVE-2015-7816
      

      https://nvd.nist.gov/vuln/detail/CVE-2015-7815
      https://nvd.nist.gov/vuln/detail/CVE-2015-7816

      Matomo is a Google Analytics alternative: the vulnerabilities concern a component of Matomo written in PHP called Piwik. The Magnolia Matomo connector doesn't use this component or any of the Matomo api directly.

      Checklists

        Acceptance criteria

        Attachments

          Activity

            People

              fgrilli Federico Grilli
              fgrilli Federico Grilli
              Foundation
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                Work Started:

                Checklists

                  Task DoR