This repository was archived by the owner on May 14, 2025. It is now read-only.

Vulnerabilities affecting Spring Cloud Dataflow dependencies #5780

@shalomyasap


Running a vulnerability scan through the Spring Cloud Dataflow server returns some CVEs affecting the latest release:

  1. CVE-2024-23672 - tomcat-embed-websocket-9.0.83.jar
  2. CVE-2024-24549 - tomcat-embed-core-9.0.83.jar
  3. CVE-2024-22257 - spring-security-core-5.7.6.jar
  4. CVE-2024-29025 - netty-codec-http-4.1.101.Final.jar
  5. CVE-2023-52428 - nimbus-jose-jwt-9.22.jar
  6. CVE-2024-31033 - jjwt-impl-0.11.2.jar
  7. CVE-2024-22262 - spring-web-5.3.31.jar
  8. CVE-2016-1000027 - spring-web-5.3.31.jar

Could you confirm whether the App is affected by these vulnerabilities and if so, are there plans to update the related dependencies and release it soon?

This refers to the latest release, v2.11.2.

Many thanks,
Shalom
