mod_cluster / MODCLUSTER-677

Upgrade com.puppycrawl.tools:checkstyle to version 8.18 or later

Details

    • Component Upgrade
    • Resolution: Done
    • Major
    • 2.0.0.Final
    • 1.3.10.Final
    • Core + SPIs
    • None

    Description

      1 com.puppycrawl.tools:checkstyle vulnerability found in pom.xml 17 hours ago
      Remediation
      Upgrade com.puppycrawl.tools:checkstyle to version 8.18 or later. For example:

      <dependency>
        <groupId>com.puppycrawl.tools</groupId>
        <artifactId>checkstyle</artifactId>
        <version>[8.18,)</version>
      </dependency>
      Always verify the validity and compatibility of suggestions with your codebase.

      Details
      CVE-2019-9658
      moderate severity
      Vulnerable versions: < 8.18
      Patched version: 8.18
      Checkstyle prior to 8.18 loads external DTDs by default, which can potentially lead to denial of service attacks or the leaking of confidential information.
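
      One way to confirm the upgrade actually took effect in a POM is sketched below. It is an added example, not part of the original issue or the mod_cluster code base. The function name, the property name `version.checkstyle` and the sample POM are constructed for illustration; only the coordinates and the 8.18 threshold come from this page.

```python
import re
import xml.etree.ElementTree as ET

FIXED = (8, 18)  # first patched release named on this page (CVE-2019-9658)
GA = ("com.puppycrawl.tools", "checkstyle")

# Constructed sample POM (not mod_cluster's real pom.xml).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><version.checkstyle>8.11</version.checkstyle></properties>
  <build><plugins><plugin>
    <artifactId>maven-checkstyle-plugin</artifactId>
    <dependencies><dependency>
      <groupId>com.puppycrawl.tools</groupId>
      <artifactId>checkstyle</artifactId>
      <version>${version.checkstyle}</version>
    </dependency></dependencies>
  </plugin></plugins></build>
</project>"""

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace, if any

def _child(elem, name):
    return next(((c.text or "").strip() for c in elem if _local(c.tag) == name), None)

def _numeric(version):
    m = re.match(r"\d+(?:\.\d+)*", version)
    return tuple(int(p) for p in m.group().split(".")) if m else None

def vulnerable_checkstyle(pom_text):
    """Return declared checkstyle versions that can resolve below 8.18."""
    root = ET.fromstring(pom_text)
    props = {_local(p.tag): (p.text or "").strip()
             for e in root.iter() if _local(e.tag) == "properties" for p in e}
    findings = []
    for dep in root.iter():
        if _local(dep.tag) != "dependency":
            continue
        if (_child(dep, "groupId"), _child(dep, "artifactId")) != GA:
            continue
        declared = _child(dep, "version") or ""
        # Resolve ${property} references defined in this POM.
        resolved = re.sub(r"\$\{([^}]+)\}",
                          lambda m: props.get(m.group(1), m.group(0)), declared)
        # A range such as [8.18,) is judged by its lower bound.
        parsed = _numeric(resolved.lstrip("[(").split(",")[0].strip())
        if parsed is None or parsed < FIXED:  # unparsable or absent: flag it
            findings.append(resolved or "(no version)")
    return findings

if __name__ == "__main__":
    print(vulnerable_checkstyle(SAMPLE_POM))
```

      A version inherited from a parent POM is not visible to this check and is reported as "(no version)" so that it gets reviewed by hand.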

          People

            rhn-engineering-rhusar Radoslav Husar