Here I need to search for the latest version of the dependency which is not vulnerable, but as I navigate to the Maven repository page https://mvnrepository.com/artifact/commons-fileupload/commons-fileupload/1.4 , I see there are also vulnerabilities listed under the 'Vulnerabilities' section. I am in a dilemma whether this indicates a vulnerability resolved in the given version or one that still persists. Please clarify whether this version is vulnerable or not.
<!-- https://mvnrepository.com/artifact/commons-fileupload/commons-fileupload -->
<dependency>
    <groupId>commons-fileupload</groupId>
    <artifactId>commons-fileupload</artifactId>
    <version>1.4</version>
</dependency>
The issue was reported in commons-fileupload: FILEUPLOAD-347
There are two vulnerabilities from dependencies:
commons-fileupload uses the method FileNameUtils.normalize from commons-io - to check in the source code.
The best way is to follow and/or ask such a question in the project tracking issue.