[mod_cluster-issues] [JBoss JIRA] (MODCLUSTER-677) Upgrade com.puppycrawl.tools:checkstyle to version 8.18 or later

Radoslav Husar (Jira) issues at jboss.org
Fri Mar 15 05:13:00 EDT 2019


     [ https://issues.jboss.org/browse/MODCLUSTER-677?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Radoslav Husar updated MODCLUSTER-677:
--------------------------------------
    Description: 
1 com.puppycrawl.tools:checkstyle vulnerability found in pom.xml 17 hours ago
Remediation
Upgrade com.puppycrawl.tools:checkstyle to version 8.18 or later. For example:

<dependency>
  <groupId>com.puppycrawl.tools</groupId>
  <artifactId>checkstyle</artifactId>
  <version>[8.18,)</version>
</dependency>
Always verify the validity and compatibility of suggestions with your codebase.

Details
CVE-2019-9658
moderate severity
Vulnerable versions: < 8.18
Patched version: 8.18
Checkstyle prior to 8.18 loads external DTDs by default, which can potentially lead to denial of service attacks or the leaking of confidential information.


> Upgrade com.puppycrawl.tools:checkstyle to version 8.18 or later
> ----------------------------------------------------------------
>
>                 Key: MODCLUSTER-677
>                 URL: https://issues.jboss.org/browse/MODCLUSTER-677
>             Project: mod_cluster
>          Issue Type: Task
>          Components: Core & Container Integration (Java)
>    Affects Versions: 2.0.0.Alpha1
>            Reporter: Radoslav Husar
>            Assignee: Radoslav Husar
>            Priority: Major


