[ENTESB-8308] CVE-2017-8046 spring-boot: Malicious PATCH requests submitted to servers can use specially crafted JSON data to run arbitrary Java code - JBoss Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Blocker
Resolution: Done
Affects Version/s: None
Fix Version/s: fuse-7.0
Component/s: FIS-Spring Boot
Labels:
None

Epic Link:
FIS6.3onR7
Security Sensitive Issue:

This issue is security relevant

Description

Update version of Spring Data REST in FIS BOM to make sure we pull a version that includes a fix for
https://nvd.nist.gov/vuln/detail/CVE-2017-8046, https://pivotal.io/security/cve-2017-8046

Gliffy Diagrams

Attachments

Issue Links

cloned to

ENTESB-8754 CVE-2017-8046 spring-boot: Malicious PATCH requests submitted to servers can use specially crafted JSON data to run arbitrary Java code

Closed

is related to

ENTESB-8649 CVE-2017-8046 spring-boot: Malicious PATCH requests submitted to servers can use specially crafted JSON data to run arbitrary Java code

Closed

Activity

People

Assignee:

Unassigned

Reporter:

Keith Babo

Tester:

Lukas Lowinger

Votes:

0 Vote for this issue

Watchers:

10 Start watching this issue

Dates

Created:

13/Mar/18 11:59 AM

Updated:

14/Aug/18 2:37 PM

Resolved:

01/May/18 5:56 PM