Uploaded image for project: 'Build'
  1. Build
  2. BUILD-1199

Dismiss false positive CVEs about Magento connector

    XMLWordPrintable

Details

    • Task
    • Resolution: Done
    • Neutral
    • None
    • None
    • None
    • Yes

    Description

      One or more dependencies were identified with known vulnerabilities in magnolia-addon-webapp:
      
      magnolia-ecommerce-magento-connector-1.3.5-SNAPSHOT.jar (pkg:maven/info.magnolia.ecommerce/magnolia-ecommerce-magento-connector@1.3.5-20231003.223811-76, pkg:maven/info.magnolia.ecommerce/magnolia-ecommerce-magento-connector@1.3.5-SNAPSHOT, cpe:2.3:a:magento:magento:1.3.5:snapshot:*:*:*:*:*:*) : CVE-2015-8707, CVE-2016-4010, CVE-2019-7139, CVE-2020-3716, CVE-2020-3718, CVE-2020-9576, CVE-2020-9578, CVE-2020-9579, CVE-2020-9580, CVE-2020-9582, CVE-2020-9583, CVE-2020-9585, CVE-2020-9630, CVE-2020-9631, CVE-2020-9632, CVE-2020-9664, CVE-2022-24086, CVE-2020-9691, CVE-2020-24407, CVE-2021-21014, CVE-2021-21016, CVE-2021-21018, CVE-2021-21019, CVE-2021-21024, CVE-2021-21025, CVE-2015-6497, CVE-2022-42344, CVE-2021-21030, CVE-2020-15151, CVE-2021-21015, CVE-2019-7849, CVE-2020-3719, CVE-2020-9587, CVE-2020-9591, CVE-2019-7932, CVE-2019-8114, CVE-2020-9588, CVE-2021-28584, CVE-2021-36021, CVE-2021-36023, CVE-2021-36036, CVE-2020-24400, CVE-2018-5301, CVE-2019-7889, CVE-2019-7947, CVE-2020-24401, CVE-2020-9689, CVE-2020-9692, CVE-2021-28563, CVE-2021-28567, CVE-2016-10704, CVE-2020-24408, CVE-2020-3715, CVE-2020-3758, CVE-2020-9577, CVE-2020-9581, CVE-2020-9665, CVE-2021-21031, CVE-2021-21032, CVE-2019-7882, CVE-2019-7944, CVE-2019-7945, CVE-2020-9584, CVE-2016-2212, CVE-2019-7898, CVE-2019-7899, CVE-2019-8123, CVE-2020-3717, CVE-2021-21020, CVE-2021-21022, CVE-2021-21026, CVE-2021-28585, CVE-2020-24402, CVE-2019-7875, CVE-2019-7887, CVE-2019-7897, CVE-2019-7909, CVE-2019-7934, CVE-2019-7935, CVE-2019-7938, CVE-2019-7940, CVE-2021-21023, CVE-2021-21029, CVE-2021-28556, CVE-2020-24405, CVE-2021-21027, CVE-2020-9690, CVE-2021-28583, CVE-2020-24406, CVE-2020-24403, CVE-2020-24404, CVE-2021-28566
      

       
      Magento (aka Adobe Commerce) is an ecommerce platform. The above mentioned vulnerabilities concern components of the Magento platform. The Magnolia Magento connector doesn't use such components, nor any of the Magento api directly.

      Link to the two most recent CVEs:
      https://nvd.nist.gov/vuln/detail/CVE-2022-42344
      https://nvd.nist.gov/vuln/detail/CVE-2022-24086 

      Checklists

        Acceptance criteria

        Attachments

          Activity

            People

              fgrilli Federico Grilli
              fgrilli Federico Grilli
              Foundation
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                Work Started:

                Checklists

                  Task DoR