]
Radoslav Husar updated MODCLUSTER-677:
--------------------------------------
Fix Version/s: 2.0.0.Alpha1
Upgrade com.puppycrawl.tools:checkstyle to version 8.18 or later
----------------------------------------------------------------
Key: MODCLUSTER-677
URL:
https://issues.jboss.org/browse/MODCLUSTER-677
Project: mod_cluster
Issue Type: Component Upgrade
Components: Core & Container Integration (Java)
Affects Versions: 1.3.10.Final
Reporter: Radoslav Husar
Assignee: Radoslav Husar
Priority: Major
Fix For: 2.0.0.Alpha1
1 com.puppycrawl.tools:checkstyle vulnerability found in pom.xml 17 hours ago
Remediation
Upgrade com.puppycrawl.tools:checkstyle to version 8.18 or later. For example:
<dependency>
<groupId>com.puppycrawl.tools</groupId>
<artifactId>checkstyle</artifactId>
<version>[8.18,)</version>
</dependency>
Always verify the validity and compatibility of suggestions with your codebase.
Details
CVE-2019-9658 More information
moderate severity
Vulnerable versions: < 8.18
Patched version: 8.18
Checkstyle prior to 8.18 loads external DTDs by default, which can potentially lead to
denial of service attacks or the leaking of confidential information.