[BUILD-873] Dismiss mismatched CVE-2022-31514 Created: 25/Jul/22  Updated: 25/Jul/22  Resolved: 25/Jul/22

Status: Closed
Project: Build
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Neutral
Reporter: Federico Grilli Assignee: Federico Grilli
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Template:
Acceptance criteria:
Empty
Task DoR:
Empty
Team: Foundation

 Description   

junit-platform-commons-1.8.2.jar (pkg:maven/org.junit.platform/junit-platform-commons@1.8.2, cpe:2.3:a:fan_platform_project:fan_platform:1.8.2:*:*:*:*:*:*:*) : CVE-2022-31514

The issue actually concerns https://github.com/Caoyongqi912/Fan_Platform which Magnolia doesn't use. 

The Caoyongqi912/Fan_Platform repository through 2021-04-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

See https://nvd.nist.gov/vuln/detail/CVE-2022-31514
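A triage sketch for this kind of finding, added here as an example (it is not Magnolia's code and not how the scanner itself matches): it parses the finding line above and lists the words of the CPE product name that the Maven coordinates do not account for. The function name `triage`, the word-overlap heuristic and the second sample line are assumptions made for illustration; the heuristic only prioritises manual review.

```python
import re

# Finding line from the ticket, with the CPE wildcard fields written out.
TICKET_FINDING = (
    "junit-platform-commons-1.8.2.jar "
    "(pkg:maven/org.junit.platform/junit-platform-commons@1.8.2, "
    "cpe:2.3:a:fan_platform_project:fan_platform:1.8.2:*:*:*:*:*:*:*) : CVE-2022-31514"
)
# Constructed finding for a made-up library and placeholder CVE id (contrast case).
CONSTRUCTED_FINDING = (
    "widget-core-1.0.0.jar (pkg:maven/com.example/widget-core@1.0.0, "
    "cpe:2.3:a:example:widget:1.0.0:*:*:*:*:*:*:*) : CVE-0000-0000"
)

FINDING_RE = re.compile(
    r"^(?P<file>\S+) \((?P<purl>pkg:[^,\s]+), (?P<cpe>cpe:2\.3:[^)\s]+)\)"
    r" : (?P<cve>CVE-\d{4}-\d+)$"
)


def _words(identifier):
    """Lower-case alphanumeric words of a group, artifact or CPE field."""
    return {w for w in re.split(r"[^a-z0-9]+", identifier.lower()) if w}


def triage(line):
    """Compare the CPE product of a finding with its Maven coordinates."""
    m = FINDING_RE.match(line.strip())
    if m is None:
        raise ValueError("unrecognised finding line")
    coords, _, version = m["purl"].partition("@")
    _, group, artifact = coords.split("/", 2)  # pkg:maven / group / artifact
    # Assumption: the CPE fields contain no escaped ':' characters.
    _, _, _, vendor, product, cpe_version = m["cpe"].split(":")[:6]
    # Product words that appear nowhere in the package coordinates.
    unexplained = _words(product) - (_words(group) | _words(artifact))
    return {
        "cve": m["cve"],
        "package": f"{group}:{artifact}:{version}",
        "cpe_product": f"{vendor}:{product}",
        "version_equal": version == cpe_version,  # equal versions prove nothing
        "unexplained_product_words": sorted(unexplained),
        "verdict": "likely mismatch" if unexplained else "plausible",
    }


if __name__ == "__main__":
    for finding in (TICKET_FINDING, CONSTRUCTED_FINDING):
        print(triage(finding))
```

For the ticket's finding, only the word "platform" is shared between the JUnit artifact and the CPE product, and the version numbers coincide, so a match on name and version alone cannot tell the two projects apart.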

 

