  1. Apache Whisker
  2. WHISKER-20

Integrate update of Jdom in order to fix CVE


Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 0.2
    • None

    Description

      A simple upgrade of the jdom dependency does not work:
      https://github.com/apache/creadur-whisker/pull/6

      As JDOM is marked as a security problem of Whisker, try updating and upgrading:

      CVE-2021-33813
      high severity
      Vulnerable versions: <= 2.0.6
      Patched version: No fix

      An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. At this time there is no released fixed version of JDOM. As a workaround, to avoid external entities being expanded, one can call builder.setExpandEntities(false) and they won't be expanded.

      The currently available version is:
      <version>2.0.6.1</version>
      https://github.com/hunterhacker/jdom

            People

              pottlinger Philipp Ottlinger
              pottlinger Philipp Ottlinger
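
The workaround quoted in the advisory text, as an added example (not code from Whisker or from the JDOM project). The class name, method names and sample document are hypothetical and constructed for illustration. It assumes JDOM 2 on the classpath and the JDK's built-in Xerces-derived SAX parser; the stricter builder goes beyond the advisory by also refusing any DOCTYPE.

```java
import java.io.StringReader;
import org.jdom2.Document;
import org.jdom2.JDOMException;
import org.jdom2.input.SAXBuilder;

public class HardenedJdomParse {
    // Constructed sample: one internal entity only, no external references.
    static final String SAMPLE =
        "<!DOCTYPE r [<!ENTITY e \"from-entity\">]><r>&e;</r>";

    /** The workaround from the advisory: leave entity references unexpanded. */
    static SAXBuilder workaroundBuilder() {
        SAXBuilder builder = new SAXBuilder();
        builder.setExpandEntities(false);
        return builder;
    }

    /** Stricter variant (an assumption beyond the advisory): reject any DOCTYPE. */
    static SAXBuilder strictBuilder() {
        SAXBuilder builder = workaroundBuilder();
        // Xerces-specific feature; other parsers may not recognise it.
        builder.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        builder.setFeature("http://xml.org/sax/features/external-general-entities", false);
        builder.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        return builder;
    }

    public static void main(String[] args) throws Exception {
        Document doc = workaroundBuilder().build(new StringReader(SAMPLE));
        // With expansion off, JDOM keeps the reference as an EntityRef node
        // instead of substituting the entity's replacement text.
        System.out.println("content nodes: " + doc.getRootElement().getContent());
        System.out.println("text: '" + doc.getRootElement().getText() + "'");

        try {
            strictBuilder().build(new StringReader(SAMPLE));
            System.out.println("strict: parsed (not expected for input with a DOCTYPE)");
        } catch (JDOMException e) {
            // The parser's fatal error surfaces as a JDOM parse exception.
            System.out.println("strict: rejected -> " + e.getMessage());
        }
    }
}
```

Code that reads element text after applying the workaround has to handle `EntityRef` children, which may be one reason a plain dependency bump is not a drop-in change.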