Details
-
Task
-
Resolution: Done
Description
junit-platform-commons-1.8.2.jar (pkg:maven/org.junit.platform/junit-platform-commons@1.8.2, cpe:2.3:a:fan_platform_project:fan_platform:1.8.2:::::::*) : CVE-2022-31514
The issue actually concerns https://github.com/Caoyongqi912/Fan_Platform which Magnolia doesn't use.
See https://nvd.nist.gov/vuln/detail/CVE-2022-31514

The Caoyongqi912/Fan_Platform repository through 2021-04-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.