ambari-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dmitry Lysnichenko (Jira)" <j...@apache.org>
Subject [jira] [Resolved] (AMBARI-25571) Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421
Date Wed, 21 Oct 2020 15:54:00 GMT

     [ https://issues.apache.org/jira/browse/AMBARI-25571?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Dmitry Lysnichenko resolved AMBARI-25571.
-----------------------------------------
    Resolution: Fixed

> Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421
> ---------------------------------------------------------------------
>
>                 Key: AMBARI-25571
>                 URL: https://issues.apache.org/jira/browse/AMBARI-25571
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.7.4, 2.7.5
>            Reporter: Dmitry Lysnichenko
>            Assignee: Dmitry Lysnichenko
>            Priority: Major
>             Fix For: 2.7.6
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> [CVE-2020-5398|https://nvd.nist.gov/vuln/detail/CVE-2020-5398#match-5434273] & [CVE-2020-5421|https://nvd.nist.gov/vuln/detail/CVE-2020-5421] are
found in the listed versions. 
> Ambari 2.7.4/2.7.5 contains Spring 5.1.8 => should be upgraded to 5.1.18 at least.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message