thelastpickle / cassandra-reaper

Automated Repair Awesomeness for Apache Cassandra
http://cassandra-reaper.io/
Apache License 2.0

Security vulnerabilities in Apache Shiro In Reaper (CVE-2023-34478) #1332

Open vchauhan81 opened 1 year ago

vchauhan81 commented 1 year ago


We are using cassandra-reaper version 3.3.1 in our product. Recently we ran a Blackduck security scan and the following issue was reported for Reaper.

- Component name: Apache Shiro
- Component version: 1.10.0
- CVE: CVE-2023-34478 (BDSA-2023-1909)
- CVSS: 9.8 (Critical)

Can you please help us confirm:

Is version 3.3.1 vulnerable to this CVE? If yes, in which version will the fix be available?

Issue is synchronized with Jira story REAP-41 by Unito.
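One practical way to approach the question above, as an added example and not code from the cassandra-reaper project or from anyone in this thread: a POSIX shell script that locates the shiro-core artifact bundled in a Reaper jar and compares its version against the first fixed version. It assumes a Maven-built jar that keeps META-INF/maven/org.apache.shiro/shiro-core/pom.properties (typical of shaded jars), or a distribution that ships dependencies as plain jars whose file names carry the version. The fixed version is passed on the command line; the 1.12.0 default comes from the Apache Shiro advisory for CVE-2023-34478, not from this page. The function names are the example's own.

```shell
#!/bin/sh
# Added example, not cassandra-reaper project code. Finds which Apache Shiro
# version a Reaper jar bundles and compares it with a caller-supplied fixed
# version. Assumes a Maven-built (shaded) jar or a lib/ tree of plain jars.

# Parse a listing of file names (e.g. output of `unzip -l` or `ls lib`) on
# stdin and print the shiro-core version from "shiro-core-<ver>.jar".
# Prints nothing when no shiro-core jar is present.
shiro_version_from_names() {
    sed -n 's/.*shiro-core-\([0-9][0-9A-Za-z.-]*\)\.jar$/\1/p' | head -n 1
}

# Parse a Maven pom.properties body on stdin and print its version= value.
shiro_version_from_pom_properties() {
    sed -n 's/^version=//p' | head -n 1 | tr -d '\r'
}

# version_lt A B: exit 0 if dotted version A is strictly lower than B.
# Pre-release suffixes ("-alpha-3") are stripped before comparing, so
# 2.0.0-alpha-2 compares equal to 2.0.0; refine if you need that precision.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        sub(/-.*/, "", a); sub(/-.*/, "", b)
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1
    }'
}

# check_reaper_jar JAR FIXED: report the bundled shiro-core version.
# Exit 1 = bundled version is below FIXED, 0 = at or above, 2 = not found.
check_reaper_jar() {
    jar=$1
    fixed=$2
    # Shaded jars keep the dependency's Maven metadata under META-INF/maven.
    found=$(unzip -p "$jar" 'META-INF/maven/org.apache.shiro/shiro-core/pom.properties' 2>/dev/null \
            | shiro_version_from_pom_properties)
    # Fall back to a nested or sibling shiro-core-<ver>.jar in the listing.
    [ -n "$found" ] || found=$(unzip -l "$jar" 2>/dev/null | shiro_version_from_names)
    if [ -z "$found" ]; then
        echo "$jar: no shiro-core artifact found"
        return 2
    fi
    if version_lt "$found" "$fixed"; then
        echo "$jar: bundles shiro-core $found (< $fixed): affected version"
        return 1
    fi
    echo "$jar: bundles shiro-core $found (>= $fixed): fixed version"
    return 0
}

# Usage: ./check-shiro.sh /path/to/cassandra-reaper-3.3.1.jar [FIXED]
# FIXED defaults to 1.12.0 (first fixed 1.x release per the Shiro advisory
# for CVE-2023-34478; this value is not taken from the issue thread).
if [ -n "${1:-}" ]; then
    check_reaper_jar "$1" "${2:-1.12.0}"
fi
```

A version below the fixed release shows that the vulnerable dependency is bundled, which is what Blackduck and Snyk report; it does not by itself establish that Reaper's endpoints are reachable in the way the advisory requires. That exploitability question is the one this thread leaves open, and it is separate from the scanner finding.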

Bilgram commented 1 year ago

We are running 3.3.3 and Snyk also found this issue.

jeetnal01 commented 7 months ago

Any further updates will be appreciated.