search

IBMStreams / streamsx.objectstorage

The com.ibm.streamsx.objectstorage toolkit supports Object Storage services with S3 API like IBM Cloud Object Storage service.
https://ibmstreams.github.io/streamsx.objectstorage
Other
4 stars 7 forks source link

Toolkit uses vulnerable versions of third-party jars #219

Closed markheger closed 4 years ago

markheger commented 4 years ago

The toolkit includes log4j-1.2.17.jar, which has vulnerabilities CVE-2019-17571, CVE-2020-9488.

commons-beanutils-1.7.0.jar CVE-2019-10086, CVE-2014-0114 commons-beanutils-core-1.8.0.jar CVE-2019-10086, CVE-2014-0114