<org.apache.mina.core.service.AbstractIoService: void dispose(boolean)>
at <org.apache.mina.core.service.AbstractIoService: void dispose()> (org.apache.mina.core.service.AbstractIoService.java:[273]) in /home/wc/.m2/repository/org/apache/mina/mina-core/2.0.7/mina-core-2.0.7.jar
at <org.apache.mina.core.service.SimpleIoProcessorPool: void dispose()> (org.apache.mina.core.service.SimpleIoProcessorPool.java:[305]) in /home/wc/.m2/repository/org/apache/mina/mina-core/2.0.7/mina-core-2.0.7.jar
at <org.apache.mina.core.service.SimpleIoProcessorPool: void <init>(java.lang.Class,java.util.concurrent.Executor,int)> (org.apache.mina.core.service.SimpleIoProcessorPool.java:[228]) in /home/wc/.m2/repository/org/apache/mina/mina-core/2.0.7/mina-core-2.0.7.jar
at <org.apache.mina.core.service.SimpleIoProcessorPool: void <init>(java.lang.Class)> (org.apache.mina.core.service.SimpleIoProcessorPool.java:[114]) in /home/wc/.m2/repository/org/apache/mina/mina-core/2.0.7/mina-core-2.0.7.jar
at <org.apache.mina.core.polling.AbstractPollingIoAcceptor: void <init>(org.apache.mina.core.session.IoSessionConfig,java.lang.Class)> (org.apache.mina.core.polling.AbstractPollingIoAcceptor.java:[112]) in /home/wc/.m2/repository/org/apache/mina/mina-core/2.0.7/mina-core-2.0.7.jar
at <org.apache.mina.transport.socket.nio.NioSocketAcceptor: void <init>()> (org.apache.mina.transport.socket.nio.NioSocketAcceptor.java:[60]) in /home/wc/.m2/repository/org/apache/mina/mina-core/2.0.7/mina-core-2.0.7.jar
at <io.milton.mail.pop.MinaPopServer: void start()> (io.milton.mail.pop.MinaPopServer.java:[52]) in /home/wc/detect/unzip/milton2-3.0.0.215/milton-mail-server/target/classes
Hi, In milton2/milton-mail-server,there is a dependency org.apache.mina:mina-core:2.0.7 that calls the risk method.
CVE-2019-0231
The scope of this CVE affected version is [,2.0.21),[2.1.0,2.1.1)
After further analysis, in this project, the main Api called is <org.apache.mina.core.service.AbstractIoService: void dispose(boolean)>
Risk method repair link : GitHub
CVE Bug Invocation Path--
Path Length : 8
Dependency tree--
Suggested solutions:
Update dependency version
Thank you very much.