[JOC-1623] Update commons-compress to version 1.24.0 due to 3rd-party vulnerability issue - SOS JIRA

XML

Word

Printable

Details

Type: Fix
Status: Released (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.5.5, 2.6.2
Fix Version/s: 2.5.6, 2.6.3
Component/s: None
Labels:
None

CVE-ID:
CVE-2023-42503

Description

Current Situation

JS7 Agent and JOC Cockpit ship with 3rd party library commons-compress v1.22.
A vulnerability affects this version.
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42503

Impact

We rate the impact to our software as low as our implementation does not make use of the combination of classes to read files from a filesystem.

Desired Behavior

JS7 Agent and JOC Cockpit should use the latest version 1.24.0 of commons-compress which fixes the vulnerability.

Attachments

Activity

People

Assignee:: Santiago Aucejo Petzoldt

Reporter:: Santiago Aucejo Petzoldt

Approver:: Kanika Agrawal

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 19 September 2023 11:48

Updated:: 09 November 2023 13:53

Resolved:: 19 September 2023 12:48