
What is the significance of 'Vulnerabilities' on https://mvnrepository.com/artifact/commons-fileupload/commons-fileupload/1.4?

Here I need to search for the latest version of a dependency which is not vulnerable, but as I navigate to the Maven repository page https://mvnrepository.com/artifact/commons-fileupload/commons-fileupload/1.4, I see there are also vulnerabilities listed under the 'Vulnerabilities' section. I am in a dilemma whether this indicates a resolved vulnerability for the given version or one that still persists. Please clarify whether this version is vulnerable or not.

    <!-- https://mvnrepository.com/artifact/commons-fileupload/commons-fileupload -->
    <dependency>
        <groupId>commons-fileupload</groupId>
        <artifactId>commons-fileupload</artifactId>
        <version>1.4</version>
    </dependency>

Snapshot-->

[Image: for commons-fileupload, see the Vulnerabilities section in the snapshot described]

The issue was reported in commons-fileupload as FILEUPLOAD-347.

There are two vulnerabilities from dependencies:

  • one on junit - it is not propagated to the end user
  • the second - it depends on whether commons-fileupload uses the method FileNameUtils.normalize from commons-io - to be checked in the source code

The best way is to follow and/or ask such a question in the project's tracking issue.
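The two checks the answer above describes (is the flagged dependency propagated to users, and is the affected method called), as an added example that is not code from the original post or from the commons-fileupload project. The POM and Java source are constructed samples, the function names are hypothetical, and the class is written `FilenameUtils`, as commons-io spells it.

```python
import re
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
TRANSITIVE_SCOPES = {"compile", "runtime"}  # scopes Maven passes on to consumers
COMMENTS = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)

# Constructed sample input, NOT the real commons-fileupload POM or source (versions omitted).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0"><dependencies>
  <dependency><groupId>junit</groupId><artifactId>junit</artifactId><scope>test</scope></dependency>
  <dependency><groupId>commons-io</groupId><artifactId>commons-io</artifactId></dependency>
</dependencies></project>"""
SAMPLE_SOURCES = {"Upload.java": "import org.apache.commons.io.IOUtils;\n"
                  "class Upload { void f(java.io.InputStream s) { IOUtils.closeQuietly(s); } }\n"}
# Flagged dependency -> API named in its advisory (None when no specific API is named).
FLAGGED = {"junit:junit": None, "commons-io:commons-io": ("FilenameUtils", "normalize")}

def dependency_scopes(pom_xml):
    """Map 'groupId:artifactId' -> scope for the POM's direct dependencies."""
    scopes = {}
    for dep in ET.fromstring(pom_xml).findall("m:dependencies/m:dependency", NS):
        g, a = (dep.findtext(f"m:{t}", "", NS).strip() for t in ("groupId", "artifactId"))
        scopes[f"{g}:{a}"] = dep.findtext("m:scope", "compile", NS).strip() or "compile"
    return scopes

def calls_method(java_source, class_name, method):
    """Heuristic text search: a Class.method( call or a static import, comments ignored."""
    code = COMMENTS.sub("", java_source)
    cls, meth = re.escape(class_name), re.escape(method)
    call = re.search(rf"\b{cls}\s*\.\s*{meth}\s*\(", code)
    static = re.search(rf"import\s+static\s+[\w.]*\b{cls}\.({meth}|\*)\s*;", code)
    return bool(call or static)

def triage(pom_xml, sources, flagged):
    """Classify each flagged dependency the way the answer above reasons about it."""
    scopes, report = dependency_scopes(pom_xml), {}
    for coord, api in flagged.items():
        scope = scopes.get(coord, "absent")
        if scope not in TRANSITIVE_SCOPES:
            report[coord] = f"not propagated to users (scope={scope})"
        elif api is None:
            report[coord] = "propagated; read the advisory for the affected API"
        elif any(calls_method(src, *api) for src in sources.values()):
            report[coord] = f"propagated, and {api[0]}.{api[1]} is called"
        else:
            report[coord] = f"propagated, but {api[0]}.{api[1]} is not called"
    return report

if __name__ == "__main__":
    print(triage(SAMPLE_POM, SAMPLE_SOURCES, FLAGGED))
```

A text search only finds direct calls in the scanned sources; it does not see reflective use or calls made through another library, so a "not called" result still needs confirmation against the project's tracking issue.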
