  1. JBoss Enterprise SOA Platform
  2. SOA-3680

jruby.jar as shipped with the scripting_chain quickstart exposes CVE-2011-4838

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 5.2.0 GA
    • Fix Version/s: 5.3.0 GA
    • Component/s: Examples
    • Labels:
      None

      Description

      The jruby.jar file shipped with the scripting_chain quickstart is vulnerable to CVE-2011-4838:

      jboss-as/samples/quickstarts/scripting_chain/lib/jruby.jar

      We are shipping JRuby 1.6.5. To mitigate this flaw, we should upgrade to 1.6.5.1. Details are here:

      http://www.jruby.org/2011/12/27/jruby-1-6-5-1.html

      Since this is a moderate impact flaw that only affects a quickstart, the overall impact is low. We should upgrade the vulnerable component in the next release, whether this is 5.3.0 or a CP to 5.2.0.


                People

                • Assignee:
                  dpalmer Douglas Palmer
                  Reporter:
                  dfj David Jorm