Build / BUILD-1208

Dismiss CVE about mvel2-2.4.15+

    • Task
    • Resolution: Done
    • Neutral

      Pulled in via jBPM, still undergoing analysis at the moment of writing.

      https://nvd.nist.gov/vuln/detail/CVE-2023-51079
      https://github.com/mvel/mvel/issues/348 

      [INFO] |  +- org.jbpm:jbpm-runtime-manager:jar:7.74.1.Final:compile
      [INFO] |  |  +- org.eclipse.aether:aether-api:jar:1.1.0:compile
      [INFO] |  |  +- org.kie.soup:kie-soup-project-datamodel-commons:jar:7.74.1.Final:compile
      [INFO] |  |  |  \- org.kie.soup:kie-soup-project-datamodel-api:jar:7.74.1.Final:compile
      [INFO] |  |  +- org.mvel:mvel2:jar:2.4.15.Final:compile
      

      The vulnerability was eventually dismissed by the library maintainers. The API in question isn't used by Magnolia directly anyway.

              fgrilli Federico Grilli
              Foundation