  1. Red Hat Fuse
  2. ENTESB-8308

CVE-2017-8046 spring-boot: Malicious PATCH requests submitted to servers can use specially crafted JSON data to run arbitrary Java code

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: fuse-7.0
    • Component/s: FIS-Spring Boot
    • Labels:
      None
    • Epic Link:
    • Security Sensitive Issue:
      This issue is security relevant

      Description

      Update version of Spring Data REST in FIS BOM to make sure we pull a version that includes a fix for
      https://nvd.nist.gov/vuln/detail/CVE-2017-8046, https://pivotal.io/security/cve-2017-8046

                People

                • Assignee:
                  Unassigned
                  Reporter:
                  kcbabo Keith Babo
                  Tester:
                  Lukáš Löwinger
                • Votes:
                  0
                  Watchers:
                  10
