What does the 'Vulnerabilities' section on the 'https://mvnrepository.com/artifact/commons-fileupload/commons-fileupload/1.4' page denote?


Here I need to find the latest version of a dependency which is not vulnerable, but when I navigate to the Maven repository page https://mvnrepository.com/artifact/commons-fileupload/commons-fileupload/1.4, I see there are also vulnerabilities listed under the 'Vulnerabilities' section. I am in a dilemma whether this indicates a resolved vulnerability for the given version or one that still persists. Please clarify whether this version is vulnerable or not.

<!-- https://mvnrepository.com/artifact/commons-fileupload/commons-fileupload -->
<dependency>
    <groupId>commons-fileupload</groupId>
    <artifactId>commons-fileupload</artifactId>
    <version>1.4</version>
</dependency>

Snapshot: [screenshot of the Vulnerabilities section, not reproduced here]

See the Vulnerabilities section in the depicted snapshot for commons-fileupload.


Answer by Slawomir Jaranowski:

The issue was reported in commons-fileupload as FILEUPLOAD-347.

There are two vulnerabilities from dependencies:

  • one on junit - it is not propagated to end users
  • the second - it depends on whether commons-fileupload uses the method FileNameUtils.normalize from commons-io - to be checked in the source code

The best way is to follow and/or ask such a question in the project's issue tracker.
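The answer's first point (junit is not propagated to end users) comes down to Maven scope: a dependency declared with `test` scope is never part of what consumers of the artifact receive, while `compile` and `runtime` dependencies are. The following added example, which is not part of the question or the answer and not code from the commons-fileupload project, parses the text that `mvn dependency:tree` prints and reports, for each dependency that an advisory has been raised against, whether that dependency is actually shipped. The `SAMPLE_TREE` text is a constructed imitation of that output (the junit and commons-io version numbers and the advisory labels are illustrative placeholders, not taken from the real pom or from mvnrepository).

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Dependency:
    group: str
    artifact: str
    version: str
    scope: str
    depth: int  # 0 = the module itself, 1 = direct dependency, 2+ = transitive


# Constructed sample of `mvn dependency:tree` output (not captured from a real build;
# versions are illustrative).
SAMPLE_TREE = """\
[INFO] --- maven-dependency-plugin:3.1.2:tree (default-cli) @ myapp ---
[INFO] com.example:myapp:jar:1.0.0
[INFO] +- commons-fileupload:commons-fileupload:jar:1.4:compile
[INFO] |  \\- commons-io:commons-io:jar:2.2:compile
[INFO] \\- junit:junit:jar:4.12:test
[INFO]    \\- org.hamcrest:hamcrest-core:jar:1.3:test
"""

# Constructed advisory list: (group, artifact) -> placeholder advisory label.
FLAGGED = {
    ("junit", "junit"): "ADVISORY-PLACEHOLDER-1",
    ("commons-io", "commons-io"): "ADVISORY-PLACEHOLDER-2",
}

# What each scope means for someone who only consumes the published artifact.
SCOPE_VERDICT = {
    "compile": "shipped at runtime: the advisory applies unless the vulnerable code is unreachable",
    "runtime": "shipped at runtime: the advisory applies unless the vulnerable code is unreachable",
    "provided": "supplied by the container at runtime: check the version the container ships",
    "test": "test-only: not propagated to consumers of the artifact",
    "system": "resolved from a local path: check that path's version",
    "import": "BOM import only: no code is shipped",
}

# One tree line: "[INFO] " prefix, tree-drawing characters, then Maven coordinates.
_LINE = re.compile(r"^\[INFO\]\s(?P<tree>[|+\\\- ]*)(?P<coords>[^\s:]+(?::[^\s:]+)+)$")


def parse_tree(text):
    """Turn dependency:tree output into Dependency records; non-tree log lines are skipped."""
    deps = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        tree, coords = m.group("tree"), m.group("coords").split(":")
        depth = len(tree) // 3  # each nesting level is three characters wide
        if len(coords) == 4:        # root module: group:artifact:type:version (no scope)
            group, artifact, _, version = coords
            scope = "root"
        elif len(coords) == 5:      # group:artifact:type:version:scope
            group, artifact, _, version, scope = coords
        elif len(coords) == 6:      # group:artifact:type:classifier:version:scope
            group, artifact, _, _, version, scope = coords
        else:
            continue
        deps.append(Dependency(group, artifact, version, scope, depth))
    return deps


def assess(deps, flagged):
    """For every flagged dependency present in the tree, return
    group:artifact:version -> (advisory label, scope, verdict text)."""
    verdicts = {}
    for d in deps:
        if d.scope == "root":
            continue
        label = flagged.get((d.group, d.artifact))
        if label is None:
            continue
        verdict = SCOPE_VERDICT.get(d.scope, "unknown scope: inspect manually")
        verdicts[f"{d.group}:{d.artifact}:{d.version}"] = (label, d.scope, verdict)
    return verdicts


if __name__ == "__main__":
    for coords, (label, scope, verdict) in assess(parse_tree(SAMPLE_TREE), FLAGGED).items():
        print(f"{coords} [{scope}] {label}: {verdict}")
```

Run against a real project with `mvn dependency:tree > tree.txt` and feed the file to `parse_tree`. A `test`-scoped hit is the junit case from the answer and can be set aside; a `compile`-scoped hit such as commons-io is shipped, and the answer's second point still applies to it: whether the flagged method is actually called from commons-fileupload has to be confirmed in the source, which scope alone cannot tell you.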