[JS-2129] Upgrade bouncycastle bcprov-jdk15to18 to version 1.78.1 due to 3rd party vulnerabilities CVE-2024-29857, CVE-2024-30171, CVE-2024-30172 - SOS JIRA

XML

Word

Printable

Details

Type: Fix
Status: Released (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.7.0
Component/s: None
Labels:
None

CVE-ID:
CVE-2024-29857, CVE-2024-30171, CVE-2024-30172

Description

Current Situation

Vulnerabilities affect this version:
- CVE-2024-29857
  - disclosed, public description not available yet
  - https://www.cve.org/CVERecord?id=CVE-2024-29857
- https://nvd.nist.gov/vuln/detail/CVE-2024-30371
- https://nvd.nist.gov/vuln/detail/CVE-2024-30672

Impact

We rate the impact to our software being low because
- CVE-2024-30171 affects only pdf reader implementations which we do not use.
- CVE-2024-30172 affects only ROS (Robot Operating System) and is already disputed by multiple vendors, rating process at NVD is ongoing
- CVE-2024-29857 we can´t rate this issue as public description of the vulnerability is not available yet

Desired Behavior

JS7 Controller, Agent and JOC should ship with the latest version 1.78.1 which solve the vulnerability issues.

Attachments

Activity

People

Assignee:: Santiago Aucejo Petzoldt

Reporter:: Santiago Aucejo Petzoldt

Approver:: Oliver Haufe

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 19 April 2024 06:56

Updated:: 23 April 2024 16:57

Resolved:: 19 April 2024 10:55