...
| date | CVE | library | description | versions | Risk for Delft-FEWS | JIRA | upgrade strategy |
|---|---|---|---|---|---|---|---|
| Apr 2022 | CVE-2022-28085 | htmldoc (optionally supplied component not part of the Delft-FEWS binaries) | A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS). | Up to 2022-03-24 | Up to (excluding) 2022-03-24 | FEWS-27693 | When using htmldoc, the end-user must be supplied with updated version from https://github.com/michaelrsweet/htmldoc/releases |
Deltares Open Archive common vulnerabilities and exposures (CVE) with CVE score Critical and High
This page keeps track of known CVE issues in libraries that are distributed with the Deltares Open Archive and the upgrade strategy of these libraries. The Common Vulnerability Scoring System (CVSS) of severity Critical and High are reported here.
THREDDS
| date | CVE | description | versions | Risk for Deltares Open Archive | JIRA | upgrade strategy |
|---|---|---|---|---|---|---|
| October 2021 | CVE-2020-13936 | An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container | up to 202301 | False positive. Users in thredds are not allowed to upload velocity templates. | FEWS-29325 | |
Apache Tomcat CVE score Critical and High
...