[BUILD-1199] Dismiss false positive CVEs about Magento connector
Created: 12/Dec/23  Updated: 15/Dec/23  Resolved: 12/Dec/23

Status: Closed
Project: Build
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Neutral
Reporter: Federico Grilli Assignee: Federico Grilli
Resolution: Done Votes: 0
Labels: security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Template:
Acceptance criteria:
Empty
Task DoR:
Empty
Team: Foundation
Work Started:
Approved:
Yes

Description
One or more dependencies were identified with known vulnerabilities in magnolia-addon-webapp:

magnolia-ecommerce-magento-connector-1.3.5-SNAPSHOT.jar (pkg:maven/info.magnolia.ecommerce/magnolia-ecommerce-magento-connector@1.3.5-20231003.223811-76, pkg:maven/info.magnolia.ecommerce/magnolia-ecommerce-magento-connector@1.3.5-SNAPSHOT, cpe:2.3:a:magento:magento:1.3.5:snapshot:*:*:*:*:*:*) : CVE-2015-8707, CVE-2016-4010, CVE-2019-7139, CVE-2020-3716, CVE-2020-3718, CVE-2020-9576, CVE-2020-9578, CVE-2020-9579, CVE-2020-9580, CVE-2020-9582, CVE-2020-9583, CVE-2020-9585, CVE-2020-9630, CVE-2020-9631, CVE-2020-9632, CVE-2020-9664, CVE-2022-24086, CVE-2020-9691, CVE-2020-24407, CVE-2021-21014, CVE-2021-21016, CVE-2021-21018, CVE-2021-21019, CVE-2021-21024, CVE-2021-21025, CVE-2015-6497, CVE-2022-42344, CVE-2021-21030, CVE-2020-15151, CVE-2021-21015, CVE-2019-7849, CVE-2020-3719, CVE-2020-9587, CVE-2020-9591, CVE-2019-7932, CVE-2019-8114, CVE-2020-9588, CVE-2021-28584, CVE-2021-36021, CVE-2021-36023, CVE-2021-36036, CVE-2020-24400, CVE-2018-5301, CVE-2019-7889, CVE-2019-7947, CVE-2020-24401, CVE-2020-9689, CVE-2020-9692, CVE-2021-28563, CVE-2021-28567, CVE-2016-10704, CVE-2020-24408, CVE-2020-3715, CVE-2020-3758, CVE-2020-9577, CVE-2020-9581, CVE-2020-9665, CVE-2021-21031, CVE-2021-21032, CVE-2019-7882, CVE-2019-7944, CVE-2019-7945, CVE-2020-9584, CVE-2016-2212, CVE-2019-7898, CVE-2019-7899, CVE-2019-8123, CVE-2020-3717, CVE-2021-21020, CVE-2021-21022, CVE-2021-21026, CVE-2021-28585, CVE-2020-24402, CVE-2019-7875, CVE-2019-7887, CVE-2019-7897, CVE-2019-7909, CVE-2019-7934, CVE-2019-7935, CVE-2019-7938, CVE-2019-7940, CVE-2021-21023, CVE-2021-21029, CVE-2021-28556, CVE-2020-24405, CVE-2021-21027, CVE-2020-9690, CVE-2021-28583, CVE-2020-24406, CVE-2020-24403, CVE-2020-24404, CVE-2021-28566

Magento (aka Adobe Commerce) is an ecommerce platform. The above-mentioned vulnerabilities concern components of the Magento platform. The Magnolia Magento connector doesn't use such components, nor any of the Magento API directly.

Links to the two most recent CVEs:
https://nvd.nist.gov/vuln/detail/CVE-2022-42344
https://nvd.nist.gov/vuln/detail/CVE-2022-24086
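
One way to record this dismissal, as an added example that is not part of the original ticket or the project's build configuration. It assumes the report above comes from OWASP Dependency-Check and uses that tool's suppression file format. The rule suppresses the mismatched Magento CPE only for the connector's package URL, so a real Magento artifact elsewhere in the build would still be reported.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: assumes OWASP Dependency-Check is the scanner. -->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
  <suppress>
    <notes><![CDATA[
      BUILD-1199: false positive. The scanner maps the artifact name
      magnolia-ecommerce-magento-connector to the Magento platform CPE
      (cpe:2.3:a:magento:magento). The connector does not use Magento
      platform components, nor any of the Magento API directly.
    ]]></notes>
    <!-- Scope the rule to this artifact only; the regex covers every
         version, including timestamped SNAPSHOT builds. -->
    <packageUrl regex="true">^pkg:maven/info\.magnolia\.ecommerce/magnolia-ecommerce-magento-connector@.*$</packageUrl>
    <!-- Suppress the wrong CPE match rather than listing each CVE, so
         CVEs later published against the same CPE are covered too. -->
    <cpe>cpe:/a:magento:magento</cpe>
  </suppress>
</suppressions>
```

Suppressing by CPE trades convenience for visibility: if the connector ever starts bundling Magento platform code, this rule would hide those findings, so the notes should point back to the ticket that justifies it.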


Generated at Sun Feb 11 23:49:04 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.