  1. Dev - Nexus Repo
  2. NEXUS-18044

Updates for vulnerable dependencies

Details

    • Technical Debt
    • Resolution: Done
    • Major
    • 2.14.10
    • 2.14.9
    • Security

    Description

      During our regular process, which is automated via the Lifecycle product, we found that several dependencies used in Nexus Repository Manager 2.x had vulnerabilities.

      Affected areas and concerns

      • Dependency library version that is susceptible to a DoS attack
      • Dependency library that is below a specific version that has a vulnerability for XSS
      • Dependency library that allowed an attacker to bake a special serialized object that will execute code directly when deserialized

      Acceptance Criteria

      • Upgrade dependency libraries to versions without discovered vulnerabilities. 

          People

            moncef Moncef Ben-Soula
            moncef Moncef Ben-Soula
            Peter Lynch Peter Lynch