#189 Critical vulnerability in commons-configuration2

All
closed-fixed
rzo
None
1
2022-07-24
2022-07-21
Arushi Rai
No

Hi Team,

There is a critical vulnerability CVE-2022-33980 reported for Commons configuration2 with score 9.8.

We are using the current version of YAJSW 13.03 which uses commons-configuration2 2.7.
Our service runs on both Linux and Windows platforms using OpenJDK JRE 11.

Reaching out to check if YAJSW is impacted by this vulnerability?
Either way, is there a plan to update the version of Commons configuration2?

Discussion

  • Arushi Rai

    Arushi Rai - 2022-07-21

    Also, if YAJSW is impacted, is there any workaround?
    Will there be any issue if the commons-configuration2 library is updated to the latest while YAJSW is still on 13.03?

     
  • Arushi Rai

    Arushi Rai - 2022-07-22

    Hi @john1900, @rzorzorzo
    Any information for this issue?

     
  • rzo

    rzo - 2022-07-23
    • status: open --> closed-fixed
     
  • rzo

    rzo - 2022-07-23

    release 13.04

     
  • Arushi Rai

    Arushi Rai - 2022-07-24

    Hi @rzorzorzo,
    Thanks for your response, I will update to the latest YAJSW.
    But can you confirm if 13.03 is actually impacted or not? I will need to patch my service as well.

     
