  1. Dev - Nexus Repo
  2. NEXUS-18044

Updates for vulnerable dependencies

    Details

    • Type: Technical Debt
    • Status: Closed
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 2.14.9
    • Fix Version/s: 2.14.10
    • Component/s: Security
    • Labels:

      Description

      During our regular process, which is automated via the Lifecycle product, we found that several dependencies used in Nexus Repository Manager 2.x had vulnerabilities.

      Affected areas and concerns

      • Dependency library version that is susceptible to a DoS attack
      • Dependency library that is below a specific version that has a vulnerability for XSS
      • Dependency library that allowed an attacker to bake a special serialized object that will execute code directly when deserialized

      Acceptance Criteria

      • Upgrade dependency libraries to versions without discovered vulnerabilities. 

            People

            Assignee:
            Moncef Ben-Soula
            Reporter:
            Moncef Ben-Soula
            Last Updated By:
            Peter Lynch
            Votes:
            0
            Watchers:
            1