Delft-FEWS uses third-party libraries and analyses them with the OWASP Dependency-Check tool. See: https://owasp.org/www-project-dependency-check/
This page keeps track of known CVE issues in libraries that are distributed with Delft-FEWS and the upgrade strategy of these libraries.
Only CVE issues of severity Critical and High are reported here.
| CVE | file | description | JIRA | upgrade strategy |
|---|---|---|---|---|
| CVE-2021-33813 | jdom.jar | An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. | | phase out xfire. This is used in: |
| | jdom-2.02.jar | An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. | | |