[BUG] ESMF SDK High findings in veracode for sldt-semantic-hub #427

Closed
shijinrajbosch opened this issue Oct 2, 2023 · 2 comments · Fixed by #441
Labels
acknowledged Has been viewed by one of the maintainers and is ready for further work, discussion or other steps. bug Something isn't working

Comments


shijinrajbosch commented Oct 2, 2023

Describe the bug
Veracode has reported 3 High Severity findings in the Semantic hub (https://github.com/eclipse-tractusx/sldt-semantic-hub.git) project from the esmf-aspect-model-starter transient dependency, versions 2.2.3 and 2.3.1.

Where
batik-bridge-1.16.jar
batik-transcoder-1.16.jar
batik-svgrasterizer-1.16.jar

CVE Details - CVE-2022-44729 | CWE-918

Additional context
The problem also exists in org.eclipse.esmf:esmf-aspect-model-document-generators:jar version 2.3.2.

@shijinrajbosch shijinrajbosch added the bug Something isn't working label Oct 2, 2023

shijinrajbosch commented Oct 9, 2023

Please find the CVE Details - CVE-2022-44729 | CWE-918

@chris-volk chris-volk added the acknowledged Has been viewed by one of the maintainers and is ready for further work, discussion or other steps. label Oct 10, 2023
Yauhenikapl added a commit to bci-oss/esmf-parent that referenced this issue Oct 12, 2023
Changes:

- libraries were updated to the latest version.

Fixes for [esmf-sdk issue #427](eclipse-esmf/esmf-sdk#427)
Yauhenikapl added a commit to bci-oss/esmf-sdk that referenced this issue Oct 13, 2023
Changes:
- fix tests;
- migrate from javax to jakarta;

Fixes eclipse-esmf#427
Yauhenikapl added a commit to bci-oss/esmf-sdk that referenced this issue Oct 15, 2023
Yauhenikapl added a commit to bci-oss/esmf-sdk that referenced this issue Oct 19, 2023
Changes:
- fix tests;
- migrate from javax to jakarta;

Fixes eclipse-esmf#427
@github-actions

Release v2.4.0 addresses this.

Yauhenikapl added a commit to bci-oss/esmf-sdk that referenced this issue Oct 26, 2023
Changes:
- Refactoring;
- Update generation ttl process.

Fixes eclipse-esmf#427