  1. JOC - JobScheduler Operations Center
  2. JOC-1393

Update ini4j to 0.5.4 due to 3rd-party vulnerability issue CVE-2022-41404

Details

    • Fix
    • Status: Released
    • Minor
    • Resolution: Fixed
    • 1.13.15
    • 1.13.16
    • None
    • None
    • CVE-2022-41404

    Description

      Current Situation

      The JS1 JOC Cockpit uses ini4j 0.5.2.

      A vulnerability affects this version, see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41404.

      We rate this vulnerability as LOW, as ini4j is used to read ini files but does not allow any custom configuration of how they are read. An exploit that depends on a changed read configuration cannot be used.

      Desired Behavior

      The JS1 JOC Cockpit should use ini4j 0.5.4, which resolves the issue.

          People

            Santiago Aucejo Petzoldt
            Pramokshi Narawariya