Build / BUILD-873

Dismiss mismatched CVE-2022-31514

Details

    • Task
    • Resolution: Done
    • Neutral

    Description

      junit-platform-commons-1.8.2.jar (pkg:maven/org.junit.platform/junit-platform-commons@1.8.2, cpe:2.3:a:fan_platform_project:fan_platform:1.8.2:*:*:*:*:*:*:*) : CVE-2022-31514

      The issue actually concerns https://github.com/Caoyongqi912/Fan_Platform, which Magnolia doesn't use.

      The Caoyongqi912/Fan_Platform repository through 2021-04-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

      See https://nvd.nist.gov/vuln/detail/CVE-2022-31514
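
An added example, not part of the ticket or of any scanner's code: a triage helper that parses a finding line in the format quoted above and checks whether the matched CPE product is explained by the Maven coordinates. The token-overlap rule and the function names are assumptions made for this illustration; a flagged finding still needs the manual check against the NVD entry that the ticket describes.

```python
import re

# Finding line as quoted in the ticket, with the CPE wildcards written out.
FINDING = ("junit-platform-commons-1.8.2.jar "
           "(pkg:maven/org.junit.platform/junit-platform-commons@1.8.2, "
           "cpe:2.3:a:fan_platform_project:fan_platform:1.8.2:*:*:*:*:*:*:*) "
           ": CVE-2022-31514")

FINDING_RE = re.compile(
    r"^(?P<file>\S+)\s+\((?P<purl>pkg:[^,\s]+),\s*(?P<cpe>cpe:2\.3:[^)\s]+)\)"
    r"\s*:\s*(?P<cve>CVE-\d{4}-\d{4,})$")


def tokens(text):
    """Lower-case word tokens, split on the separators used in purls and CPEs."""
    return {t for t in re.split(r"[^a-z0-9]+", text.lower()) if t}


def parse_finding(line):
    """Split one finding line into file, purl parts, CPE parts and CVE id."""
    m = FINDING_RE.match(line.strip())
    if not m:
        raise ValueError("unrecognised finding line: %r" % line)
    # purl layout: pkg:<type>/<namespace>/<name>@<version>
    ptype, _, rest = m["purl"][len("pkg:"):].partition("/")
    path, _, version = rest.partition("@")
    namespace, _, name = path.rpartition("/")
    # CPE 2.3 layout: cpe:2.3:<part>:<vendor>:<product>:<version>:...
    # (simplification: escaped colons inside a CPE field are not handled)
    fields = m["cpe"].split(":")
    if len(fields) < 6:
        raise ValueError("CPE has too few fields: %r" % m["cpe"])
    return {"file": m["file"], "cve": m["cve"], "type": ptype,
            "namespace": namespace, "name": name, "version": version,
            "vendor": fields[3], "product": fields[4]}


def review_match(finding):
    """Assumed heuristic: every CPE product token should occur in the
    package namespace or name; leftover tokens suggest a mismatched CPE."""
    pkg = tokens(finding["namespace"]) | tokens(finding["name"])
    product = tokens(finding["product"])
    unexplained = sorted(product - pkg)
    return {"cve": finding["cve"], "shared": sorted(product & pkg),
            "unexplained": unexplained, "likely_mismatch": bool(unexplained)}


if __name__ == "__main__":
    print(review_match(parse_finding(FINDING)))
```

For the finding in this ticket, the only token the CPE product shares with the package coordinates is `platform`, while `fan` has no counterpart, which is why the match is flagged for review.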

       

            People

              fgrilli Federico Grilli
              Foundation