MQTT CLI is a useful command line interface for connecting various MQTT clients supporting MQTT 5.0 and 3.1.1
Use commons-text version 1.10.0 or later. This resolves CVE-2022-42889. #324
Closed
mario-schwede-hivemq closed 1 year ago
Motivation
The MQTT CLI uses Apache Commons Text version 1.9, which contains the critical vulnerability CVE-2022-42889: https://nvd.nist.gov/vuln/detail/CVE-2022-42889
Apache Commons Text comes in as a transitive dependency of opencsv, and the current opencsv version 5.7.0 still depends on the vulnerable version 1.9: https://mvnrepository.com/artifact/com.opencsv/opencsv/5.7.0
Changes
Force the commons-text dependency to version 1.10.0 or later. Version 1.10.0 contains the fix for the vulnerability.
https://hivemq.kanbanize.com/ctrl_board/22/cards/9679/details/
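As an added illustration (not code from this PR and not the project's own build script), this is one way to express the forced version described above in a Gradle Kotlin DSL build. It assumes the module resolves dependencies with Gradle, which the PR text does not state; the opencsv and commons-text coordinates are the ones the PR cites.

```kotlin
// Added example, not from the PR: raise the transitive commons-text version so
// that opencsv 5.7.0 no longer resolves the vulnerable commons-text 1.9.
// Assumes a Gradle Kotlin DSL build (build.gradle.kts).
dependencies {
    implementation("com.opencsv:opencsv:5.7.0")

    constraints {
        // A constraint participates in conflict resolution without adding a direct
        // dependency on commons-text: Gradle resolves the highest version requested
        // by any edge, so the 1.9 edge coming from opencsv is upgraded to 1.10.0.
        implementation("org.apache.commons:commons-text:1.10.0") {
            because("CVE-2022-42889: opencsv 5.7.0 transitively pulls in commons-text 1.9")
        }
    }
}

// Check the outcome after the change:
//   ./gradlew dependencyInsight --dependency commons-text --configuration runtimeClasspath
// The report should list commons-text:1.10.0 as the selected version and show the
// constraint (with its "because" reason) as the origin of the upgrade.
```

A constraint is preferable to adding commons-text as a direct dependency: the project does not call the library itself, so it should disappear again automatically if a future opencsv release stops depending on it, while the constraint keeps the floor at 1.10.0 for as long as any path still requests it.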