Page History

Delft-FEWS uses third party libraries and analyses these libraries using the OWASP dependency check tool. See: https://owasp.org/www-project-dependency-check/

This page keeps track of known CVE issues in libraries that are distributed with Delft-FEWS and the upgrade strategy of these libraries.

Only CVE issues of severity Critical and High are reported here.

CVE

file

description

JIRA

upgrade strategy

CVE-2021-33813

jdom.jar

An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.

Jira

phase out xfire. This is used in:

embedded PI service. Has been deprecated and will be replaced with a new implemenation. https://issuetracker.deltares.nl/browse/FEWS-22053
Alarm module. Master controller calls Alarm Module soap service to sent events. This should be replaced by a new implementation: https://issuetracker.deltares.nl/browse/FEWS-25861

jdom-2.02.jar

An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.

Jira

server	Deltares Issue Tracker
columns	key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
serverId	20635570-6a34-3a69-a785-26a57a470c5b
key	FEWS-25545

Page tree