KITE needs to upgrade to commons-collections:commons-collections to version 3.2.2 or higher.

webrtc / KITE

KITE is a test engine designed to test WebRTC interoperability across browsers

Apache License 2.0

464 stars 125 forks source link

KITE needs to upgrade to commons-collections:commons-collections to version 3.2.2 or higher. #197

Closed huibk closed 2 years ago

huibk commented 2 years ago

https://nvd.nist.gov/vuln/detail/CVE-2015-4852 https://nvd.nist.gov/vuln/detail/CVE-2015-7501

Snyk advisory information: https://snyk.io/vuln/SNYK-JAVA-COMMONSCOLLECTIONS-30078

Affected manifest(s): KITE-Dashboard/pom.xml

huibk commented 2 years ago

Also Upgrade org.eclipse.jetty:jetty-client to version 9.3.24.v20180605, 9.4.11.v20180605 or higher. https://nvd.nist.gov/vuln/detail/CVE-2017-7657

A-nguyenv commented 2 years ago

Hello, The affected manifest has already been deleted in 2019 from the main branch. It seems they were some old git legacy branches. They have now been removed.

huibk commented 2 years ago

Great. Thanks for the clarification.