New CVE in org.codehaus.jettison:jettison version 1.4.0

Open Subrhamanya opened this issue 3 years ago • 2 comments

New vulnerabilities (CVE-2022-40149, CVE-2022-45685, CVE-2022-45693) have been found in org.codehaus.jettison:jettison version 1.4.0. Please refer to the link below for a detailed description.

CVE-2022-40149. CVE-2022-45685. CVE-2022-45693.

The resolution for this CVE is to use jettison version 1.5.2.

Subrhamanya avatar Sep 26 '22 04:09 Subrhamanya

Hi team, can anybody look into it? We are consuming this dependency and waiting for the team to fix this CVE.

Here is the reference link

https://github.com/jettison-json/jettison/issues/45

Subrhamanya avatar Oct 21 '22 06:10 Subrhamanya

Eureka blend: 1.10.18 contains a vulnerability in jettison: 1.4.0. Can I upgrade jettison to 1.5.2? Does the upgrade affect the eureka blend feature?

wealthtears avatar Aug 15 '23 06:08 wealthtears