Closed BryceMehring closed 4 years ago
The following dependencies have vulnerabilities/security issues:
xmlsec-1.4.3.jar (cpe:/a:apache:santuario_xml_security_for_java:1.4.3, org.apache.santuario:xmlsec:1.4.3, cpe:/a:apache:xml_security_for_java:1.4.3) : CVE-2013-4517
bcprov-jdk15on-1.54.jar (cpe:/a:bouncycastle:bouncy_castle_crypto_package:1.54, cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.54, org.bouncycastle:bcprov-jdk15on:1.54, cpe:/a:bouncycastle:bouncy-castle-crypto-package:1.54) : CVE-2016-1000341, CVE-2016-1000352, CVE-2016-1000340, CVE-2016-2427, CVE-2018-1000613, CVE-2016-1000339, CVE-2016-1000346, CVE-2016-1000338, CVE-2017-13098, CVE-2016-1000343, CVE-2018-1000180, CVE-2016-1000342, CVE-2016-1000345, CVE-2016-1000344
opensaml-2.5.1-1.jar (org.opensaml:opensaml:2.5.1-1, cpe:/a:shibboleth:opensaml:2.5.1.1) : CVE-2013-6440
Please upgrade the dependencies to fix these security issues.
@BryceMehring have any of these vulnerabilities been mitigated by the 6.2.7 release?
Yes.