acs-aem-commons icon indicating copy to clipboard operation
acs-aem-commons copied to clipboard
verified publisher icon Adobe-Consulting-Services

NexusIQ still has vulnerability after upgrading of acs-aem-commons

Open AndreaHgy opened this issue 2 years ago • 1 comments

Required Information

  • [ ] AEM Version, including Service Packs, Cumulative Fix Packs, etc: AEM 6.5 SP17_____
  • [ ] ACS AEM Commons Version: 6.02_____
  • [ ] Reproducible on Latest? yes/no yes

Expected Behavior

Nexus report should clear vulnerability after upgrading acs-aem-commons to V6.02

Actual Behavior

Still got the vulnerability even after upgrade.

Links

Screenshot 2023-10-12 135226

  • https://nvd.nist.gov/vuln/detail/cve-2021-23337
  • https://nvd.nist.gov/vuln/detail/cve-2022-25844

AndreaHgy avatar Oct 12 '23 12:10 AndreaHgy

I dont think we'll be fixing cve-2022-25844 any time soon as this would require re-writing all the angularJS UIs.

davidjgonzalez avatar Oct 16 '23 13:10 davidjgonzalez