Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Block 2 more gadget types (commons-dbcp2, CVE-2020-35490/CVE-2020-35491) #2986

Closed
cowtowncoder opened this issue Dec 14, 2020 · 0 comments
Closed

Block 2 more gadget types (commons-dbcp2, CVE-2020-35490/CVE-2020-35491) #2986

cowtowncoder opened this issue Dec 14, 2020 · 0 comments
Labels
CVE Issues related to public CVEs (security vuln reports)
Milestone
2.9.10.8

Comments

@cowtowncoder
Copy link
Member

cowtowncoder commented Dec 14, 2020
edited
Loading

Another gadget type(s) reported regarding class(es) of org.apache.commons:commons-dbcp2. library.
See https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 for description of the general problem.

Reporter(s): Al1ex@knownsec
Mitre ids:
* CVE-2020-35490
* CVE-2020-35491

Fix is included in:
@cowtowncoder cowtowncoder added to-evaluate Issue that has been received but not yet evaluated CVE Issues related to public CVEs (security vuln reports) and removed to-evaluate Issue that has been received but not yet evaluated labels Dec 14, 2020
@cowtowncoder cowtowncoder changed the title Block one more gadget type (-, CVE-xxxx-xxx) Block 2 more gadget types (-, CVE-xxxx-xxx) Dec 16, 2020
cowtowncoder added a commit that referenced this issue Dec 16, 2020
@cowtowncoder
Fixed #2986
41b8bdb
@cowtowncoder cowtowncoder added this to the 2.9.10.8 milestone Dec 16, 2020
@cowtowncoder cowtowncoder changed the title Block 2 more gadget types (-, CVE-xxxx-xxx) Block 2 more gadget types (commons-dbcp2, CVE-xxxx-xxx) Dec 16, 2020
@cowtowncoder cowtowncoder changed the title Block 2 more gadget types (commons-dbcp2, CVE-xxxx-xxx) Block 2 more gadget types (commons-dbcp2, CVE-2020-35490/CVE-2020-35491) Dec 18, 2020
cowtowncoder added a commit that referenced this issue Dec 18, 2020
@cowtowncoder
Update release notes wrt #2986
3d2903e
This was referenced Dec 18, 2020
Closed
Closed
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
@mend-bolt-for-github mend-bolt-for-github bot mentioned this issue Mar 14, 2022
Open
This was referenced Mar 14, 2022
Closed
Closed
This was referenced Mar 22, 2022
Open
Open
This was referenced May 10, 2022
Open
Open
Open
Open
This was referenced Aug 1, 2022
Open
Open
This was referenced Sep 20, 2022
Open
Open
@cxronen cxronen mentioned this issue Nov 28, 2022
Open
This was referenced Dec 25, 2022
Open
Open
@cxronen cxronen mentioned this issue Dec 20, 2022
Open
This was referenced Jan 26, 2023
Open
Open
This was referenced Nov 22, 2022
Open
Open
This was referenced Feb 21, 2023
Open
Open
Open
This was referenced Feb 15, 2023
Open
Open
Open
This was referenced May 25, 2023
Open
Open
@cxronen cxronen mentioned this issue May 25, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
CVE Issues related to public CVEs (security vuln reports)
Projects
None yet
Milestone
2.9.10.8
Development

No branches or pull requests
1 participant
@cowtowncoder