[TDQ-19830] CVE: com.thoughtworks.xstream:xstream:1.4.17 - Talend Open Integration Solution

Apply template

XML

Word

Printable

Details

Type: Work Item
Status: Done
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 8.0.1, 7.3.1-R2021-11
Component/s: None
Labels:

Platform:
All
Epic Link:
Fix Security Issues in the Studio
Sprint:
DQ21 CN 10
GreenHopper Ranking:
0|i29nar:
GreenHopper Ranking (Obsolete):
9223372036854775807
Project Size:
Small

Description

Out of SLA: 2021-11-22

CVE: CVE-2021-39154

https://sca.analysiscenter.veracode.com/workspaces/X33hjMQ/issues/vulnerabilities/86189426

Target version: 1.4.18

Severty: HIGH

===============
already update XStream to 1.4.18 on dq libs see TDQ-19719

but still, need to update to 1.4.18 in the studio(the version of the xstream.jar which is under org.drools.eclipse is 1.4.17)

these codes have been commented already, so just remove them

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Screen Shot 2021-10-18 at 10.41.45.png
420 kB
18/Oct/21 4:44 AM

Activity

People

Assignee:: liu xinquan

Reporter:: Brian He

Fixed by:: liu xinquan

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 18/Oct/21 3:49 AM

Updated:: 20/Jun/22 11:29 AM

Resolved:: 21/Oct/21 9:34 AM