  1. Red Hat Fuse
  2. ENTESB-20598

Incomplete fix of CVE-2020-13956


Details

    • Bug
    • Resolution: Done
    • Major
    • fuse-7.12-GA
    • fuse-7.11.1-GA
    • Hawtio
    • Very Likely

    Description

      For CVE-2020-13956, the Red Hat Fuse Spring-Boot 2 BOM is including commons-httpclient/commons-httpclient/3.1.0.redhat-8 as part of io.hawt/hawtio-springboot/2.0.0.fuse-sb2-7_11_0-00036-redhat-00001

      +- io.hawt:hawtio-springboot:jar:2.0.0.fuse-sb2-7_11_0-00036-redhat-00001:compile
          +- io.hawt:hawtio-system:jar:2.0.0.fuse-sb2-7_11_0-00036-redhat-00001:compile
            +- commons-httpclient:commons-httpclient:jar:3.1.0.redhat-8:compile
      


          People

            ggrzybek Grzegorz Grzybek
            rhn-support-shiggs Stephen Higgs
            Stefan Veres Stefan Veres
