thelastpickle / cassandra-reaper

Automated Repair Awesomeness for Apache Cassandra
http://cassandra-reaper.io/
Apache License 2.0

Security vulnerabilities in Logback jar from Reaper 3.2.0 #1301

Open vchauhan81 opened 1 year ago

vchauhan81 commented 1 year ago


We use Black Duck for security scanning and it has reported the following security issue for Reaper version 3.2.0:

Component name : Logback

Component version name : 1.2.6, 1.2.7

CVE : CVE-2021-42550 (BDSA-2021-3818)

CVE Score : 6.6

Source :

cassandra-reaper-3.2.0.jar!/ch/qos/logback/classic/
cassandra-reaper-3.2.0.jar!/ch/qos/logback/core/

Please confirm whether Reaper version 3.2.0 is vulnerable to this issue. If yes, in which version of Reaper has the issue been fixed or addressed?

Thanks in advance.

Issue is synchronized with this Jira Story by Unito. Issue Number: REAP-55
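The report above comes from a scanner that matched `ch/qos/logback/` class paths inside the shaded `cassandra-reaper-3.2.0.jar`. The following is an added example, not code from the Reaper project or from the issue author, showing how to reproduce that kind of finding yourself: open a jar, count bundled logback classes, read the version out of the Maven `pom.properties` files that shading usually preserves under `META-INF/maven/ch.qos.logback/`, and compare it against the fixed versions for CVE-2021-42550 (1.2.9 and 1.3.0-alpha11, per the GHSA-668q-qrv7-99fm advisory linked later in this thread). The sample jars it scans are constructed in a temporary directory and are stand-ins, not the real Reaper artifact; `build_sample_jar`, `scan_jar`, `is_affected` and `demo` are names chosen for this example.

```python
"""Check a (possibly shaded) jar for bundled logback classes and their version.

Added example: the jar it scans is constructed inline, not the real Reaper jar.
"""
import re
import tempfile
import zipfile
from pathlib import Path

# Fixed versions for CVE-2021-42550 (GHSA-668q-qrv7-99fm): 1.2.9 and 1.3.0-alpha11.
FIXED_1_2 = (1, 2, 9)
FIXED_1_3_ALPHA = 11

LOGBACK_PREFIX = "ch/qos/logback/"
# Maven metadata that the shade plugin normally keeps for each bundled artifact.
POM_PROPS = re.compile(r"^META-INF/maven/ch\.qos\.logback/([^/]+)/pom\.properties$")


def parse_version(text):
    """Split '1.2.7' or '1.3.0-alpha11' into ((1, 2, 7), None) / ((1, 3, 0), 11)."""
    base, _, qualifier = text.strip().partition("-")
    nums = tuple(int(part) for part in base.split("."))
    match = re.fullmatch(r"alpha(\d+)", qualifier)
    alpha = int(match.group(1)) if match else None
    return nums, alpha


def is_affected(version):
    """True if this logback version lies in the CVE-2021-42550 affected range."""
    nums, alpha = parse_version(version)
    if nums < (1, 3, 0):
        return nums < FIXED_1_2
    if nums == (1, 3, 0) and alpha is not None:
        return alpha < FIXED_1_3_ALPHA
    return False


def scan_jar(jar_path):
    """Return {'classes': n, 'versions': {artifact: version}, 'affected': bool|None}.

    'affected' is None when logback classes are present but no version metadata
    survived shading; that case needs manual review rather than a silent pass.
    """
    classes = 0
    versions = {}
    with zipfile.ZipFile(jar_path) as jar:
        for name in jar.namelist():
            if name.startswith(LOGBACK_PREFIX) and name.endswith(".class"):
                classes += 1
            match = POM_PROPS.match(name)
            if match:
                props = jar.read(name).decode("utf-8", "replace")
                for line in props.splitlines():
                    key, _, value = line.partition("=")
                    if key.strip() == "version":
                        versions[match.group(1)] = value.strip()
    if classes == 0:
        affected = False
    elif versions:
        affected = any(is_affected(v) for v in versions.values())
    else:
        affected = None
    return {"classes": classes, "versions": versions, "affected": affected}


def build_sample_jar(path, version, with_pom=True):
    """Write a constructed stand-in for a shaded jar (not the real Reaper jar)."""
    with zipfile.ZipFile(path, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        # Class bodies are just the class-file magic; only the paths matter here.
        jar.writestr("ch/qos/logback/classic/Logger.class", b"\xca\xfe\xba\xbe")
        jar.writestr("ch/qos/logback/core/Appender.class", b"\xca\xfe\xba\xbe")
        if with_pom:
            for artifact in ("logback-classic", "logback-core"):
                jar.writestr(
                    f"META-INF/maven/ch.qos.logback/{artifact}/pom.properties",
                    f"version={version}\ngroupId=ch.qos.logback\nartifactId={artifact}\n",
                )


def demo():
    """Build constructed jars at a few logback versions and scan each one."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for version in ("1.2.7", "1.2.9", "1.3.0-alpha10"):
            jar = Path(tmp) / f"sample-{version}.jar"
            build_sample_jar(jar, version)
            results[version] = scan_jar(jar)
        bare = Path(tmp) / "no-metadata.jar"
        build_sample_jar(bare, "1.2.7", with_pom=False)
        results["no-metadata"] = scan_jar(bare)
    return results


if __name__ == "__main__":
    for label, report in demo().items():
        print(label, report)
```

Pointing `scan_jar` at a real shaded jar answers the first half of the question (which logback version is bundled); the second half, whether a given Reaper release is exploitable, also depends on the advisory's precondition: CVE-2021-42550 requires an attacker who can already edit the logback configuration file, so on a host where that file is writable only by the service owner the finding is a dependency-hygiene item rather than a remote entry point.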

jeetnal01 commented 7 months ago

Hi @adejanovski Can you please help with the query raised by Vijay?

We use Black Duck for security scanning and it has reported the following security issue for Reaper version 3.2.0:

Component name : Logback

Component version name : 1.2.6, 1.2.7

CVE : https://github.com/advisories/GHSA-668q-qrv7-99fm (BDSA-2021-3818)

CVE Score : 6.6

Source :

cassandra-reaper-3.2.0.jar!/ch/qos/logback/classic/
cassandra-reaper-3.2.0.jar!/ch/qos/logback/core/

Please confirm whether Reaper version 3.2.0 is vulnerable to this issue. If yes, in which version of Reaper has the issue been fixed or addressed?

Thanks Jeetendra